Forum Discussion
Ian_Morrish
Mar 09, 2022 | Brass Contributor
Azure B2C oidc authentication with SPSE failed
My AuthorizationEndpoint is defined in SP as "https://tenantName.b2clogin.com/tenantName.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1a_signup_signin". But when SP redirects, it drops the p=b2c...
Ian_Morrish
Mar 26, 2022 | Brass Contributor
See Case #:30122271
It is not an error, just an incompatibility.
SharePoint will always append the ?source= to the OIDC redirect_uri value.
This also happens on session timeout and then SharePoint adds the relative path for the page the user is requesting to the source value.
B2C doesn't allow any parameter in the uri_redirect. It supports state or custom parameters for this. https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
SharePoint team could resolve this as I don't think B2C team will allow URL parameters.
SP would need to have the option to do either:
append the source value just as a bookmark ( #relativpathForSPpage ) or implement a Source custom parameter.
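An added illustration of the point in the post above (not code from the thread, SharePoint, or B2C): the requested page travels in a signed `state` value, so `redirect_uri` stays identical to the registered value. The client ID, redirect URI, key and page path are constructed placeholders, and the exact-match check is a simplified model of the behaviour the post describes.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode, urlsplit

# Endpoint and policy name as quoted in the thread; everything else is constructed.
AUTHORIZE = "https://tenantName.b2clogin.com/tenantName.onmicrosoft.com/oauth2/v2.0/authorize"
POLICY = "b2c_1a_signup_signin"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder
REDIRECT_URI = "https://sp.example.com/signin-oidc"  # placeholder, registered without a query
KEY = b"constructed-demo-key"                        # placeholder signing key

def redirect_uri_matches(registered, presented):
    # Simplified model: the IdP accepts only the registered value, no extra query.
    return presented == registered

def pack_state(return_path, key):
    # Carry the requested page plus a nonce, integrity-protected with HMAC-SHA256.
    body = json.dumps({"src": return_path, "n": secrets.token_hex(8)})
    payload = base64.urlsafe_b64encode(body.encode()).decode()
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + mac

def unpack_state(state, key):
    payload, _, mac = state.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("state failed integrity check")
    path = json.loads(base64.urlsafe_b64decode(payload))["src"]
    parts = urlsplit(path)
    # Accept only a site-relative path so the post-login redirect stays on this host.
    if (parts.scheme or parts.netloc or not path.startswith("/")
            or path.startswith("//") or "\\" in path):
        raise ValueError("return path is not a site-relative path")
    return path

def build_authorize_url(return_path, key):
    params = {
        "p": POLICY,
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,   # unchanged: no ?source= appended
        "state": pack_state(return_path, key),
    }
    return AUTHORIZE + "?" + urlencode(params)

if __name__ == "__main__":
    url = build_authorize_url("/sites/hr/Pages/leave.aspx", KEY)
    print(url)
    print(redirect_uri_matches(REDIRECT_URI, REDIRECT_URI + "?source=/sites/hr"))
```

In a real relying party the nonce inside `state` would also be tied to the user's browser session before the callback is accepted.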
Steve Zhang
Mar 27, 2022 | Microsoft
Hi Ian,
I got you. We haven't validated with Azure B2C OIDC. We will take a look.
Steve
- imorrish | Sep 07, 2022 | Copper Contributor: Hi Steve, any progress on this?
- Steve Zhang | Jan 05, 2023 | Microsoft: Could you please try again? I remember we fixed it if my memory is fresh.