mrochon / b2csamples

MIT License

AADSTS500113 #11

Closed DaehyunLee closed 3 years ago

DaehyunLee commented 3 years ago

Thank you for this repo @mrochon.

This seems like the exact flow that I needed. I'm trying to deploy this on my own and learn more from this repo. I've followed the steps in the Scripts/Multitenant/readme.

When I run the script, I'm getting this error. Would be great to get some insights from anyone who experienced something similar. [screenshot]

The app-clientcreds app registration currently looks like this

[screenshot]

I have to say there have been some trials and errors trying to run the script. Also, I've made some minor changes to remove Facebook and Google from the policies.

mrochon commented 3 years ago

Did you follow instructions for preparing the setup script? You do need to register a reply url for the app. From your UI it appears you do not have one. Click on Add platform, select Mobile/Desktop app and enter the url: urn:ietf:wg:oauth:2.0:oob. Hope this helps.

DaehyunLee commented 3 years ago

@mrochon thanks for the reply. I've followed the setup for the one you mentioned for the B2CSetup app registration.

The screenshots I've posted are for the one that's generated in https://github.com/mrochon/b2csamples/blob/81037ec00fca308fc710255165e9f91b2fbdf94c/Scripts/MultiTenant/Setup-B2CMultiTenant.ps1#L277

The first error message screen is followed by https://github.com/mrochon/b2csamples/blob/81037ec00fca308fc710255165e9f91b2fbdf94c/Scripts/MultiTenant/Setup-B2CMultiTenant.ps1#L474

which takes me to this screen. [screenshot]

Currently, creating a new tenant works, but I'm unable to follow the invite link.

mrochon commented 3 years ago

This is not an error. You need to grant consent to the app you just created to have tenant-wide permissions to read/write security groups. Either click on the Accept button here or go to the portal, app registration, find this app (has -clientcreds as suffix), API Permissions and grant it there.

DaehyunLee commented 3 years ago

Sorry for not being clear.

The first error screen, AADSTS500113, shows when I press the Accept button.

mrochon commented 3 years ago

Please grant consent through the portal then. Seems like my script omitted to create a reply url for this app. The app does not need it as it is an API, not signing users in using a passive flow. So, either add a fake reply url (e.g. https://fake.com) to the app registration (and use the link in the script) or do it directly in the portal as per my earlier comment. If you use the fake, you should be prompted to sign in, grant consent and then you will be redirected to whatever url you entered. Since that site either does not exist or does not expect to get messages from B2C it may give you an error. That's OK - consent is already recorded in B2C by then.
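The two comments above describe the mechanics behind the AADSTS500113 error: the admin-consent link only works if the `redirect_uri` in the link exactly matches a reply URL registered on the app, and once consent is recorded, the redirect to a fake reply URL can safely fail. The following PowerShell is an added example, not code from the b2csamples repo or from Setup-B2CMultiTenant.ps1. It builds the admin-consent URL, refuses to produce one whose redirect URI is not among the app's registered reply URLs (the condition that surfaces as AADSTS500113), and checks the response that comes back on the redirect. The function names, the tenant, client id and reply URL values are constructed placeholders; the `RegisteredRedirectUris` list stands in for the reply URLs you would read from the app registration.

```powershell
# Added example (not from the b2csamples repo). Names and values are assumptions.

function Get-AdminConsentUrl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $TenantId,               # tenant name or GUID
        [Parameter(Mandatory)] [string]   $ClientId,               # app id of the *-clientcreds registration
        [Parameter(Mandatory)] [string]   $RedirectUri,            # must match a registered reply URL exactly
        [Parameter(Mandatory)] [string[]] $RegisteredRedirectUris, # reply URLs from the app registration
        [Parameter(Mandatory)] [string]   $State,                  # random value, re-checked on return
        [string] $Scope = 'https://graph.microsoft.com/.default'   # consent to every configured Graph permission
    )

    # Reply URLs are matched as exact strings. A missing or mismatched value is what the
    # user sees as AADSTS500113, so fail here with a readable message instead.
    if ($RegisteredRedirectUris -cnotcontains $RedirectUri) {
        throw "Redirect URI '$RedirectUri' is not registered on app $ClientId. " +
              "Add it under Authentication > Add a platform before requesting consent."
    }

    $query = [ordered]@{
        client_id    = $ClientId
        redirect_uri = $RedirectUri
        scope        = $Scope
        state        = $State
    }
    $encoded = ($query.GetEnumerator() | ForEach-Object {
        '{0}={1}' -f $_.Key, [uri]::EscapeDataString($_.Value)
    }) -join '&'

    return "https://login.microsoftonline.com/$TenantId/v2.0/adminconsent?$encoded"
}

function Test-AdminConsentResponse {
    # $ReturnedUrl is the address the browser lands on after consent, copied from the
    # address bar even when the fake reply site itself shows an error.
    param(
        [Parameter(Mandatory)] [string] $ReturnedUrl,
        [Parameter(Mandatory)] [string] $ExpectedState
    )
    $params = @{}
    foreach ($pair in (([uri]$ReturnedUrl).Query.TrimStart('?') -split '&')) {
        $k, $v = $pair -split '=', 2
        $params[[uri]::UnescapeDataString([string]$k)] = [uri]::UnescapeDataString([string]$v)
    }
    # Reject a response that does not carry the state we issued (not one we initiated).
    if ($params['state'] -ne $ExpectedState) { return $false }
    if ($params['error']) {
        Write-Warning "Consent failed: $($params['error']): $($params['error_description'])"
        return $false
    }
    return ($params['admin_consent'] -eq 'True')
}

# Constructed sample run with placeholder values (no real tenant or app).
$state      = [guid]::NewGuid().ToString()
$registered = @('https://fake.com')   # the placeholder reply URL suggested in the thread
$url = Get-AdminConsentUrl -TenantId 'contoso.onmicrosoft.com' `
                           -ClientId '00000000-0000-0000-0000-000000000000' `
                           -RedirectUri 'https://fake.com' `
                           -RegisteredRedirectUris $registered `
                           -State $state
Write-Output $url

# After consent the browser is sent to something like the constructed URL below.
$returned = "https://fake.com/?admin_consent=True&tenant=11111111-1111-1111-1111-111111111111&state=$state"
Write-Output ("Consent recorded: " + (Test-AdminConsentResponse -ReturnedUrl $returned -ExpectedState $state))
```

Passing `urn:ietf:wg:oauth:2.0:oob` as both `RedirectUri` and one of the `RegisteredRedirectUris` covers the setup app case from the earlier comment; the match is exact, so a trailing slash or different casing on the registered value would still be reported as unregistered, which is the same behaviour the sign-in service applies.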

DaehyunLee commented 3 years ago

Thank you so much for the info.

This is what I have in b2cmtapi2-clientcreds [screenshot]

Should I also have openId and profile granted?

mrochon commented 3 years ago

Looks good. Click on the 'Grant admin consent for ...' on that screen.