Facebook login via Azure AD B2C custom policy

I have created a custom policy using Identity Experience Framework. I am able to sign up and sign in a user using the local account, but when I try to use Facebook as a social login I run into an error.

Issue: When I click Facebook login (Social Login) from my custom policy, I am redirected to FB for login, but after logging in from FB I see the error below in Application Insights.

{
  "Kind": "HandlerResult",
  "Content": {
    "Result": true,
    "RecorderRecord": {
      "Values": [
        {
          "Key": "SendErrorTechnicalProfile",
          "Value": "OAuth2ProtocolProvider"
        },
        {
          "Key": "Exception",
          "Value": {
            "Kind": "Handled",
            "HResult": "80131500",
            "Message": "An exception was caught when making a request to URL \"https://graph.facebook.com/oauth/access_token\" using method \"Get\". The exception status code was \"ProtocolError\" with the following message: {scrubbed}.",
            "Data": {},
            "Exception": {
              "Kind": "Handled",
              "HResult": "80131509",
              "Message": "The remote server returned an error: (400) Bad Request.",
              "Data": {}
            }
          }
        }
      ]
    }
  }
}

Any thoughts?

<TechnicalProfiles>
    <TechnicalProfile Id="Facebook-OAUTH">
      <!-- The text in the following DisplayName element is shown to the user on the claims provider selection screen. -->
      <DisplayName>Facebook</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">facebook</Item>
        <Item Key="authorization_endpoint">https://www.facebook.com/dialog/oauth</Item>
        <Item Key="AccessTokenEndpoint">https://graph.facebook.com/oauth/access_token</Item>
        <Item Key="ClaimsEndpoint">https://graph.facebook.com/me?fields=id,first_name,last_name,name,email,picture</Item>
        <Item Key="scope">email</Item>
        <Item Key="HttpBinding">GET</Item>
        <Item Key="client_id">xxxxxxxx</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_FacebookSecret" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="userId" PartnerClaimType="id" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="first_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="last_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="facebook.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
        <OutputClaim ClaimTypeReferenceId="extension_picture"  PartnerClaimType="picture"/>
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>

You must also add the following item to <Metadata />:

<Item Key="AccessTokenResponseFormat">json</Item>

See this blog post for more information.

You have to add as well...

<Metadata>
   <Item Key="AccessTokenResponseFormat">json</Item>
</Metadata>

<OutputClaims>
   <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
</OutputClaims>
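
A pre-upload check for the fix given in the answers, as an added example that is not part of the original posts: it parses a policy file and lists OAuth2 technical profiles that call Facebook's token endpoint without AccessTokenResponseFormat set to json. The function names and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two OAuth2 profiles modelled on the one in the question.
SAMPLE_POLICY = """<TechnicalProfiles>
  <TechnicalProfile Id="Facebook-OAUTH">
    <Protocol Name="OAuth2" />
    <Metadata>
      <Item Key="AccessTokenEndpoint">https://graph.facebook.com/oauth/access_token</Item>
    </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="Facebook-OAUTH-Fixed">
    <Protocol Name="OAuth2" />
    <Metadata>
      <Item Key="AccessTokenEndpoint">https://graph.facebook.com/oauth/access_token</Item>
      <Item Key="AccessTokenResponseFormat">json</Item>
    </Metadata>
  </TechnicalProfile>
</TechnicalProfiles>"""

def local(tag):
    """Drop an XML namespace prefix so namespaced policy files match too."""
    return tag.rsplit("}", 1)[-1]

def find_missing_json_format(policy_xml):
    """Return Ids of OAuth2 Facebook profiles lacking AccessTokenResponseFormat=json."""
    flagged = []
    for profile in ET.fromstring(policy_xml).iter():
        if local(profile.tag) != "TechnicalProfile":
            continue
        protocol = next((c for c in profile if local(c.tag) == "Protocol"), None)
        if protocol is None or protocol.get("Name") != "OAuth2":
            continue
        # Flatten every <Metadata><Item Key="...">value</Item> into a dict.
        items = {
            item.get("Key"): (item.text or "").strip()
            for meta in profile if local(meta.tag) == "Metadata"
            for item in meta if local(item.tag) == "Item"
        }
        endpoint = items.get("AccessTokenEndpoint", "")
        if not endpoint.startswith("https://graph.facebook.com/"):
            continue
        if items.get("AccessTokenResponseFormat", "").lower() != "json":
            flagged.append(profile.get("Id"))
    return flagged

if __name__ == "__main__":
    for profile_id in find_missing_json_format(SAMPLE_POLICY):
        print(f'{profile_id}: add <Item Key="AccessTokenResponseFormat">json</Item>')
```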
