mrochon / b2csamples

MIT License

Local accounts signin and msal.js issue #6

Closed kiranbhadani closed 4 years ago

kiranbhadani commented 4 years ago

I am setting up B2C multi-tenant authentication for my app. I tried to follow the same steps but am stuck with 2 problems:

  1. Sign-in with local accounts is not working; sign-up works fine.
  2. My app is a React SPA. After the Azure account (not local) login flow completes, I get an 'X-Frame-Option' deny error.

Error screenshots attached: AADB2C_CustomPolicy_JsError, AADB2C_CustomPolicy_LoginError

mrochon commented 4 years ago

Is it ok for me to try your app out? Please send me the app's url and signin instructions unless they are obvious from the UI. Also, I may need a copy of the app's manifest. Do you know whether you are using my html customization (from my blob storage) or your own?

kiranbhadani commented 4 years ago

@mrochon The app is not live yet with the custom policy; the live app (http://app.skypointcloud.com/) is currently using a standard policy. With the custom policy I have not done any UI customization yet (using the default). App's manifest: which one, the IdentityFrameWork apps?

kiranbhadani commented 4 years ago

@mrochon If you can share your email, I can provide you my policy files and authentication flow URL. If you can look at those it would be a great help.

mrochon commented 4 years ago

My email is on the demo site: sailingrock at live.com. However, what would be more helpful now is access to the execution of your policy, just the OIDC token request your app (or some test app) would be sending to B2C. Something I can run myself and see the symptoms you are referring to. I usually register one test app in my B2C with reply url: https://oidcdebugger.com/debug so I can run my flows before I write any app code.

mrochon commented 4 years ago

Sorry, I only noticed your screenshots now and may know what the problem is. The first one (frame) is probably caused by your app trying to ask for a token in a way that requires user authn in a frame it created. That's forbidden to prevent click-through attacks. Are you using MSAL.JS, or samples? That toolkit will do it correctly. The 2nd issue may be caused by incorrect values for IdentityExperienceFrameworkAppId and its proxy in your extensions.xml. Did you use my PowerShell script to upload these? (It updates these automatically.)
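
The behaviour described above, as an added example (not code from the b2csamples repo or from either commenter): MSAL.js first tries a silent request, which loads the B2C authorize endpoint in a hidden iframe; when B2C needs the user to sign in, the page it returns carries an X-Frame-Options deny, the iframe is blocked, and MSAL rejects with an interaction-type error code. The correct reaction is a top-level redirect, never a retry in the frame. The `client` is assumed to expose the msal@1.x `UserAgentApplication` surface (`acquireTokenSilent`, `acquireTokenRedirect`); a constructed stub stands in for it so the example runs offline.

```javascript
// Added example: silent-first, redirect-on-demand token acquisition for a SPA.
// Error codes are the ones msal@1.x raises via InteractionRequiredAuthError.
const INTERACTION_ERROR_CODES = new Set([
  "interaction_required",
  "login_required",
  "consent_required",
]);

// A silent-flow failure with one of these codes can be recovered by a
// top-level (interactive) sign-in; anything else is a real error.
function requiresInteraction(errorCode) {
  return typeof errorCode === "string" && INTERACTION_ERROR_CODES.has(errorCode);
}

// Try the hidden-iframe flow; fall back to full-page redirect only when B2C
// says the user must interact. Never attempt interactive authn in the iframe.
async function acquireToken(client, request) {
  try {
    const response = await client.acquireTokenSilent(request);
    return { mode: "silent", accessToken: response.accessToken };
  } catch (err) {
    if (!requiresInteraction(err && err.errorCode)) {
      throw err; // network failure, bad policy config, etc.: surface it
    }
    client.acquireTokenRedirect(request); // top-level navigation, no frame
    return { mode: "redirect", accessToken: null };
  }
}

// Constructed stub for msal's UserAgentApplication (assumption: only the two
// methods used above matter for this example).
function makeStubClient({ silentResult = null, silentErrorCode = null } = {}) {
  const calls = [];
  return {
    calls,
    async acquireTokenSilent() {
      calls.push("silent");
      if (silentErrorCode) {
        const e = new Error("silent acquisition failed");
        e.errorCode = silentErrorCode;
        throw e;
      }
      return { accessToken: silentResult };
    },
    acquireTokenRedirect() {
      calls.push("redirect");
    },
  };
}
```

With a real client, `request` is the usual `{ scopes: [...], authority: "<B2C policy authority>" }`; the stub ignores it.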

mrochon commented 4 years ago

Sorry, my most recent suggestion to use the PowerShell upload script was incorrect. I had moved that code already to the B2C multitenant PowerShell setup script, so executing that code should be sufficient. You may want to download your TrustFrameworkExtensions.xml policy from your B2C and verify whether the values for client_id and IdTokenAudience are correct with respect to your B2C tenant. You can see what they should be by looking for the IdentityExperienceFramework apps in your tenant AAD app registrations (or use my web app to display these).
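
The verification suggested above, as an added example (not code from the b2csamples repo or from either commenter): in the `login-NonInteractive` technical profile of TrustFrameworkExtensions.xml, `client_id` (Metadata item and `client_id` InputClaim default) must be the ProxyIdentityExperienceFramework app id, while `IdTokenAudience` (and the `resource_id` InputClaim default) must be the IdentityExperienceFramework app id; swapping the two or leaving the docs' placeholders in place breaks local-account sign-in while federated sign-in keeps working. The GUIDs and the XML fragments below are constructed for the example, and the regex-based extraction is an assumption that keeps the script dependency-free; for a real policy, use an XML parser.

```javascript
// Added example: check the login-NonInteractive profile against the IEF app
// registrations. Returns a list of problems; an empty list means it matches.
function checkLoginNonInteractive(xml, { iefAppId, proxyIefAppId }) {
  const profileMatch = xml.match(
    /<TechnicalProfile\s+Id="login-NonInteractive"[\s\S]*?<\/TechnicalProfile>/
  );
  if (!profileMatch) return ["technical profile login-NonInteractive not found"];
  const profile = profileMatch[0];

  // <Item Key="...">value</Item> inside <Metadata>
  const metadata = (key) => {
    const m = profile.match(new RegExp(`<Item\\s+Key="${key}">([^<]*)</Item>`));
    return m ? m[1].trim() : null;
  };
  // <InputClaim ClaimTypeReferenceId="..." ... DefaultValue="..." />
  const inputClaimDefault = (id) => {
    const m = profile.match(
      new RegExp(`<InputClaim\\s+ClaimTypeReferenceId="${id}"[^>]*DefaultValue="([^"]*)"`)
    );
    return m ? m[1].trim() : null;
  };

  const expectations = [
    ["Metadata client_id", metadata("client_id"), proxyIefAppId],
    ["Metadata IdTokenAudience", metadata("IdTokenAudience"), iefAppId],
    ["InputClaim client_id DefaultValue", inputClaimDefault("client_id"), proxyIefAppId],
    ["InputClaim resource_id DefaultValue", inputClaimDefault("resource_id"), iefAppId],
  ];

  const problems = [];
  for (const [where, actual, expected] of expectations) {
    if (actual === null) {
      problems.push(`${where}: missing`);
      continue;
    }
    // Both docs placeholders contain this substring.
    if (/IdentityExperienceFrameworkAppId/.test(actual)) {
      problems.push(`${where}: placeholder '${actual}' was never replaced`);
      continue;
    }
    if (actual.toLowerCase() !== expected.toLowerCase()) {
      const other = expected === iefAppId ? proxyIefAppId : iefAppId;
      const swapped = actual.toLowerCase() === other.toLowerCase();
      problems.push(
        `${where}: ${actual} (expected ${expected}${swapped ? "; IEF and proxy ids appear swapped" : ""})`
      );
    }
  }
  return problems;
}

// Constructed sample: renders the relevant part of the profile with the given values.
function renderProfile(metaClientId, metaAudience, claimClientId, claimResourceId) {
  return `<TrustFrameworkPolicy>
  <TechnicalProfile Id="login-NonInteractive">
    <Metadata>
      <Item Key="client_id">${metaClientId}</Item>
      <Item Key="IdTokenAudience">${metaAudience}</Item>
    </Metadata>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="${claimClientId}" />
      <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="${claimResourceId}" />
    </InputClaims>
  </TechnicalProfile>
</TrustFrameworkPolicy>`;
}

// Constructed app ids standing in for the tenant's IEF app registrations.
const APPS = {
  iefAppId: "11111111-1111-1111-1111-111111111111",
  proxyIefAppId: "22222222-2222-2222-2222-222222222222",
};

// A policy with the Metadata ids swapped and one placeholder left behind.
const BROKEN_XML = renderProfile(
  APPS.iefAppId, APPS.proxyIefAppId,
  "ProxyIdentityExperienceFrameworkAppId", APPS.iefAppId
);
const BROKEN_PROBLEMS = checkLoginNonInteractive(BROKEN_XML, APPS);
```

Run it against the downloaded TrustFrameworkExtensions.xml (read the file into `xml`) with the two app ids copied from the tenant's app registrations; each reported line names the exact place in the profile to fix.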

kiranbhadani commented 4 years ago

@mrochon I manually configured the policy files following these steps: https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started?tabs=applications. I verified it and even recreated the IEF apps and tried with new Ids.

We are using msal.js with 'react-aad-msal', and it works fine when using a standard B2C policy (user flow). With the custom policy it also works fine when using Google authentication.

mrochon commented 4 years ago

Ping me on sailingrock@live.com. If you can screen share I can check what's wrong.

kiranbhadani commented 4 years ago

Sure, let's do it. I'll ping you on Skype; my id is 'kiran.bhadani'.

kiranbhadani commented 4 years ago

@mrochon I am able to fix the local account issue. I don't know the root cause exactly, but recreating the IEF apps with this tool worked: https://b2ciefsetup.azurewebsites.net/

I still have that JS error when logging in with an Azure account; it is something to do with the SPA. Please let me know if you know anything about that.

Thanks!