.Net core api with AD B2C OAuth 2.0 - Invalid_token 错误

Question

I am following this resource. I can get the token successfully but get 401 upon using the token in the second call to my api. It says Bearer error='invalid_token'. Earlier it was giving "Invalid issuer" so I decoded the token to use the issuer in "Instance" field of appSettings.json. Following are appSettings and token. What am I doing wrong?

appSettings.json

{
"AzureAdB2C": {
"Instance": "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxx/v2.0/",
"ClientId": "452gfsgsdfgsdgssfs5425234",
"Domain": "xxxxxxxxxxxxxxx.onmicrosoft.com",
"SignUpSignInPolicyId": "B2C_1_Auth-SignUpIn"
},
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*"
}

token

{
"iss": "https://login.microsoftonline.com/23423fsf234234sfsd42342vsx2542/v2.0/",
"exp": 1551878022,
"nbf": 1551874422,
"aud": "ee965664-d1e3-4144-939a-11f77c523b50",
"oid": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
"sub": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
"name": "unknown",
"extension_xxxID": "9f27fd88-7faf-e411-80e6-005056851bfe",
"emails": [
"dfgdfgadfgadfg@dgadg.com"
],
"tfp": "B2C_1_Auth-SignUpIn",
"scp": "user_impersonation",
"azp": "4453gdfgdf53535bddhdh",
"ver": "1.0",
"iat": 1551874422
}

AD B2C instance

Azure AD B2C setting

Postman - revalapi highlighted is the uri of the registered app in the previous shot

Token

Error

Answer 1

Ok. Looks like AD B2C + .Net Core is not happy with onmicrosoft.com URI even though the Microsoft docs resource say it does. See here . I had to use the b2clogin.com uri as shown in below screen shots. Hope it helps someone.

Postman

AppSettings.json

Startup.Auth.cs

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
                .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddApplicationInsightsTelemetry();             
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            app.UseAuthentication();
            app.UseHttpsRedirection();
            app.UseMvc();            
        }

Answer 2

For registering your B2C dotnet core application first You have to login to your B2C Tenant.

After successful Registration configure following step for implicit grant flow.

Reply URLs

Make sure you have done this step accordingly:

Go to Settings and add postman callback URL to : https://www.getpostman.com/oauth2/callback

Once you enter this URL correctly click on Save upper left.

See the screen shot below:

Edit Manifest

For implicit grand flow click on your application manifest and search oauth2AllowImplicitFlow property make it to true

see the screen shot below:

Your settings for azure B2C is done for implicit grant flow API call.

Postman

Now fire up your post man and select request type as OAuth 2.0 Like below:

Now Click on Get New Access Token and new popup will appear

See the screen shot below:

Add your tenant ID on Auth URL Like this :

https://login.microsoftonline.com/YourB2CTenantId/oauth2/authorize?resource=https://graph.microsoft.com

Set Your Client Id

Set Scope you want to access

Now click on Request Token In response you will get your implicit grant access token:

see the screen shot:

Access Data With this Token:

Copy the token you have accessed already on the Token textbox and select token type as Bearer Token

See the screen shot below:

So tricky part for implicit flow is to set up manifest property oauth2AllowImplicitFlow to true

Hope this could solve your problem. Thank you