Azure AD B2C 上 Xamarin.Forms 抛出错误 B2C '权限' Uri 应该至少有 3 个段

Question

I am trying to integrate Azure AD B2C into a Xamarin.Forms app. I am following THIS GUIDE as a starter. I have created Azure AD B2C tenant. When I open the endpoints of the tenant here is what I see

As you can see the general pattern for URL is https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/<policy-name>/

However, inside the sample the URL is formed differently: https://TENANT.b2clogin.com/tfp/TENANT.onmicrosoft.com/<policy-name>/

Notice the tfp bit.

If I remove the tfp part from the URL formation, as soon as these lines are executed

 var builder = PublicClientApplicationBuilder.Create(B2CConstants.ClientID)
                .WithB2CAuthority(B2CConstants.AuthoritySignInSignUp)
                .WithIosKeychainSecurityGroup(B2CConstants.IOSKeyChainGroup)
                .WithRedirectUri($"msal{B2CConstants.ClientID}://auth");

I receive the following exception

System.ArgumentException: B2C 'authority' Uri should have at least 3 segments in the path (i.e. https://<host>/tfp/<tenant>/<policy>/...)

Obviously, the MSAL.NET API expects the the URI should contain the tfp bit, but the endpoints are really without that.

I am using the the 4.17.1 version of Microsoft.Identity.Client .

It does seem that the latest APIs in MSAL.NET are not compatible with the latest Azure AD B2C. Is there any workaround?

Answer 1

It appears I was doing it wrong. I shouldn't have used the endpoints from the B2C itself, rather I should have created specific iOS & Android app registrations. Here's what I have done.

1. I have registered new public client/native application
2. I have added iOS & Android platforms with correct bundle IDs
3. After this, I have opened app specific platform registration details
4. I have copied the client id & redirect uri from there.
5. Replaced the redirect URIs for each platform with correct values
6. Used the url that comes with 'tfp' in it

After these steps all worked OK.