AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
MIT License

[Documentation] B2C support for redirect_uri #3087

Open karpikpl opened 1 month ago

karpikpl commented 1 month ago

Documentation related to component

I've been looking for documentation on how to configure redirect_uri for B2C, but it seems to be missing. There's the "CallbackPath": "/signin-oidc", but no RedirectUri is used in the public client?

https://github.com/AzureAD/microsoft-identity-web/blob/bf77c78f24cb2d0c9e91756801b0bacc7bbe9dfd/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisitionAspnetCoreHost.cs#L127


Description of the issue

When you run the B2C app behind a proxy (like an App Service behind Azure Front Door), the redirect URL needs to be configured for the proxy, not for the web app.

The redirect can be changed in code, but in other MSAL libraries it can be set in configuration.

Is this the intended way of handling this?

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Wrapper inferred from the trailing "});" of the posted fragment: the handler is
// attached while the OpenID Connect options for the web app are being configured.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Keep the handler the library already registered and run it first.
    var parentHandler = options.Events.OnRedirectToIdentityProvider;

    // Ensure correct redirect URI handling
    options.Events.OnRedirectToIdentityProvider = async context =>
    {
        await parentHandler(context);

        var request = context.Request;
        // These headers are only trustworthy when the app is reachable solely through
        // the proxy that sets them (e.g. an App Service locked down to Front Door).
        var forwardedHost = request.Headers["X-Forwarded-Host"].FirstOrDefault();
        var forwardedProto = request.Headers["X-Forwarded-Proto"].FirstOrDefault();

        var scheme = forwardedProto ?? request.Scheme;
        // Take host and port together from the forwarded value, so the proxy's port
        // (not the app's internal listener port) ends up in the redirect URI.
        var hostString = forwardedHost is not null ? new HostString(forwardedHost) : request.Host;
        var host = hostString.Host;
        var port = hostString.Port ?? -1; // -1 lets UriBuilder use the scheme's default port

        var uriBuilder = new UriBuilder(scheme, host, port)
        {
            Path = context.Options.CallbackPath.HasValue ? context.Options.CallbackPath.Value : "/signin-oidc",
        };

        // MyApp is the issue author's application type, used only as a logger category.
        var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<MyApp>>();

        logger.LogInformation("Redirecting to {redirectUri}", context.ProtocolMessage.RedirectUri);
        logger.LogInformation("AFD built URL would be: {redirectUri}", uriBuilder.Uri);

        // Overwrite the redirect_uri the handler derived from the internal request.
        context.ProtocolMessage.RedirectUri = uriBuilder.Uri.ToString();
    };
});
```
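An added example, not from the issue or from the library, showing the other way to get the proxy's address into redirect_uri: let ASP.NET Core's forwarded-headers middleware rewrite Request.Scheme and Request.Host from X-Forwarded-* (accepted only from a known proxy) before the OpenID Connect handler builds redirect_uri from CallbackPath. The proxy IP, public hostname and "AzureAdB2C" section name are placeholders.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Rewrite Request.Scheme and Request.Host from the proxy's headers.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto;

    // Default entries trust only loopback; replace them with the proxy that
    // actually fronts the app so a direct client cannot inject X-Forwarded-*.
    options.KnownProxies.Clear();
    options.KnownNetworks.Clear();
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.4")); // placeholder proxy address

    // Only the public hostname the redirect_uri is registered for is accepted.
    options.AllowedHosts.Add("www.contoso.example"); // placeholder public hostname
});

// Standard Microsoft.Identity.Web registration; the OIDC handler derives redirect_uri
// from Request.Scheme, Request.Host and CallbackPath, which are now the proxy's values.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));

var app = builder.Build();

app.UseForwardedHeaders(); // must run before authentication so the rewrite is visible to it
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/", () => "ok").RequireAuthorization();

app.Run();
```

If the forwarded headers are not applied, the middleware logs the reason (unknown proxy, host not allowed) at Debug level, which is the first thing to check when the redirect still carries the internal host.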