[BUG] AAD B2C cannot complete well-known metadata acquisition through Issuer. #21036

Closed
ZhuXiaoBing-cn opened this issue Apr 29, 2021 · 2 comments · Fixed by #21050

ZhuXiaoBing-cn commented Apr 29, 2021

Describe the bug
The access token obtained through a user flow at the AAD B2C endpoint has two cases.
In the first, the issuer of the access token is https://xxxx.b2clogin.com/tenant-id/v2.0/; this issuer is unable to get a list of metadata by splicing well-known.

In the second, the access token issuer is https://xxxx.b2clogin.com/tfp/tenant-id/user-flow-name/v2.0/; this issuer can obtain metadata by splicing well-known.

So the user is now throwing an exception in the first case, causing the process to stop moving forward.


ZhuXiaoBing-cn commented May 6, 2021

Current situation:
When I use AAD B2C, I can get two types of issuer in the access token through a user flow. They are:

For the first type of issuer, the user flow name is not included, and there is no way to obtain OpenID Connect metadata documents through issuer splicing /.well-known/openid-configuration. The second issuer can do it.

Current thoughts:
A map: the key stores the trusted issuer, and the value stores the well-known base URI. We need to process the well-known base URI for:

Then, when a request reaches the AAD B2C resource server, the received access token is analyzed to obtain its issuer claim. It is compared with the trusted issuers; if they are the same, the well-known base URI is obtained through the trusted issuer.

Users only need to manually configure what they need.

@ZhuXiaoBing-cn

Obtaining OpenID Provider Configuration Information: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
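
A sketch of the lookup proposed in the May 6 comment, added here as an example; it is not code from this thread or from the Azure SDK. The class name, the choice of the tfp-style URI as the well-known base for both issuers, and the unsigned sample tokens are assumptions.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TrustedIssuerResolver {
    private static final Pattern ISS = Pattern.compile("\"iss\"\\s*:\\s*\"([^\"]+)\"");
    private final Map<String, String> wellKnownBaseByIssuer; // trusted issuer -> base URI

    TrustedIssuerResolver(Map<String, String> configured) {
        this.wellKnownBaseByIssuer = Map.copyOf(configured);
    }

    // Reads the still-unverified iss claim as a lookup key (regex only to stay dependency-free).
    static String issuerOf(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        byte[] payload = Base64.getUrlDecoder().decode(parts[1]);
        Matcher m = ISS.matcher(new String(payload, StandardCharsets.UTF_8));
        if (!m.find()) throw new IllegalArgumentException("no iss claim");
        return m.group(1);
    }

    // The metadata URL comes from configuration, never from the token itself.
    URI discoveryUri(String jwt) {
        String base = wellKnownBaseByIssuer.get(issuerOf(jwt));
        if (base == null) throw new SecurityException("untrusted issuer");
        return URI.create(base.replaceAll("/+$", "") + "/.well-known/openid-configuration");
    }

    // Constructed, unsigned sample token carrying only an iss claim.
    static String token(String iss) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        byte[] payload = ("{\"iss\":\"" + iss + "\"}").getBytes(StandardCharsets.UTF_8);
        return "e30." + enc.encodeToString(payload) + ".sig";
    }

    public static void main(String[] args) {
        String plain = "https://xxxx.b2clogin.com/tenant-id/v2.0/";
        String tfp = "https://xxxx.b2clogin.com/tfp/tenant-id/user-flow-name/v2.0/";
        TrustedIssuerResolver r = new TrustedIssuerResolver(Map.of(plain, tfp, tfp, tfp));
        System.out.println(r.discoveryUri(token(plain))); // issuer without the user flow name
        System.out.println(r.discoveryUri(token(tfp)));
        try { r.discoveryUri(token("https://other.example/v2.0/")); } // not configured
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The issuer is matched as an exact string against configured values, so a token can never steer the resource server to a metadata endpoint of its own choosing; signature validation against the keys from that metadata still has to follow.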
