Ian_Morrish
Mar 09, 2022 Brass Contributor
Azure B2C oidc authentication with SPSE failed
My AuthorizationEndpoint is defined in SP as "https://tenantName.b2clogin.com/tenantName.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1a_signup_signin" But when SP redirects, it drops the p=b2c...
Ian_Morrish
Mar 10, 2022 Brass Contributor
Think I found my problem, should be using OpenID connect format, not OAuth2. Very subtle difference where the flow name goes.
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?
Steve Zhang
Microsoft
Mar 11, 2022
Thank you Ian for trying OIDC in SPSE. Good to know that you sorted out the problem.
Please let us know if you have further problems or suggestions regarding SharePoint Server authentication.
Ian_Morrish
Mar 26, 2022 Brass Contributor
Hmmm, still didn't work because SharePoint adds ?Source=/ to the redirect_uri, which B2C apps don't allow (Azure AD does allow it, and the sample guide for configuring OIDC in Azure AD shows modifying the manifest to allow /*, which is blocked in B2C).
URL Rewrite to the rescue. Handling the Password Reset flow from B2C is a little more tricky.
Steve Zhang
Mar 26, 2022
Microsoft
Ian_Morrish Is there any more detail about the error you are facing?
The details of your configuration and also the ULS log?
Steve
Ian_Morrish
Mar 26, 2022 Brass Contributor
See Case #: 30122271
It is not an error, just an incompatibility.
SharePoint will always append ?Source= to the OIDC redirect_uri value.
This also happens on session timeout, and then SharePoint adds the relative path of the page the user is requesting to the Source value.
B2C doesn't allow any parameter in the redirect_uri. It supports state or custom parameters for this. https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
The SharePoint team could resolve this, as I don't think the B2C team will allow URL parameters.
SP would need to have the option to do either:
append the source value just as a bookmark (#relativePathForSPpage) or implement a Source custom parameter.
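Added example, not code from the thread, from SharePoint or from B2C: it shows why an exact-match redirect_uri check rejects the URI once SharePoint appends ?Source=/, and how the Source path could instead travel in the OIDC state parameter, which B2C does accept. The registered URI, the sample path and the signing key are constructed values.

```python
"""Exact redirect_uri matching vs. carrying the return path in `state`."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed sample: the single redirect URI registered on the B2C app.
REGISTERED_REDIRECT_URIS = {"https://sp.example.com/_trust/oidc"}  # hypothetical

# Constructed server-side secret; a real deployment would keep this in config.
STATE_KEY = secrets.token_bytes(32)
TAG_LEN = hashlib.sha256().digest_size


def redirect_uri_allowed(uri: str) -> bool:
    """B2C-style check: the whole redirect_uri must equal a registered value,
    so any appended query string (SharePoint's ?Source=...) is rejected."""
    return uri in REGISTERED_REDIRECT_URIS


def make_state(source_path: str) -> str:
    """Pack the SharePoint Source path into the OIDC state parameter with a
    nonce and an HMAC tag, so the relying party can trust it on return.
    A real login flow would also store the nonce in the user's session."""
    payload = json.dumps({"nonce": secrets.token_hex(8), "source": source_path}).encode()
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode().rstrip("=")


def read_state(state: str) -> Optional[str]:
    """Verify the tag and return the Source path, or None if the state was
    tampered with or the path is not a site-relative one (blocks open redirects)."""
    raw = base64.urlsafe_b64decode(state + "=" * (-len(state) % 4))
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    source = json.loads(payload)["source"]
    if not source.startswith("/") or source.startswith("//"):
        return None
    return source
```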