Is there sample for getting aadb2c Access Token for Blazor Server side? #17578
Comments
@Alienroid ... Were you able to configure the OpenIdConnectOptions for AAD B2C? ... did you give it a shot to see if you could get the app to authenticate against the provider? |
This page (and the GitHub sample) only had it for AAD. I just found AzureADB2CDefaults, will try that later today.
|
From template, the authentication is using
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => { Configuration.Bind("AzureAdB2C", options); });
```
I didn't realize I need to add `services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>...`
|
Ah ... I see. I'm just getting into these configurations myself. I'll repro the setup here, get it working, and then enhance that section for B2C. |
Here's the reference that I mentioned https://stackoverflow.com/questions/58985388/confused-on-how-to-get-access-tokens-from-b2c-in-blazor-app
|
From the Stack Overflow question I posted earlier, following Oyvind Habberstad's (https://stackoverflow.com/users/3080858/oyvind-habberstad) answer, I was able to log in using OpenID Connect. Setting a breakpoint at OpenIdConnectController.GetUser, I was able to get the access token on the Blazor server side.
The issue is that using OpenID Connect this way, we are not using the user flow. I could only log in with a Microsoft account and not other identity providers.
I'll try another solution later. But I think it would make sense that following
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => { Configuration.Bind("AzureAdB2C", options); });
```
we should be able to get the access token some easier way. I am new with this whole thing so… it's possible I am missing something completely.
Maybe what I really should do is, after the user is authenticated, just request a token from the endpoint. But I thought auth should return the access token as well.
|
Tried the other solution from that SO link as well as the sample from Passing tokens to a server-side Blazor application (https://github.com/javiercn/blazor-server-aad-sample). Neither worked for me. I guess I'll wait for some official solution. Thanks.
|
Ugh! I threw together a quick new Blazor Server app using the VS new project process to take a quick 🏃 look at this issue, and the app failed to fire up. I must have configured it incorrectly somehow. I'll return to this issue shortly ... in a day or two. I'm working on something else right now: I'm working out the scenarios for using AD roles and groups in the hosted scenario. I'll get back to this as soon as I can. 🏃😅 |
Stocks up! Time to kick back a little
|
Sorry ... At MS, that's Not a Thing!™️ 😄 |
I remembered the mini fridge full of beers ;)
|
I've been struggling with this for a while too. For me it looks like the problem is in startup - configureServices
I haven't figured out how to even debug this yet, but if this is in my startup as the documentation says I get an error page. |
Best bet is to open this scenario with engineering @Alienroid ... and then @kristiangronli can add a 👍 to it. https://github.com/dotnet/aspnetcore/issues Add a "cc: @guardrex" to your opening comment, cross-reference this issue, and leave this issue open. |
Hi Folks, Very timely thread.
I'll update as results are available. |
Thanks for your work in this area. Your notes will be a 🐘 HUGE 🐘 help as I work thru a lot of the same things. I was busy with other priority issues; but now, I'm back to focusing on security. Blazor WASM topics are receiving an update today, and I'll get to Blazor Server shortly. I'll probably take a look at this ... your notes @bdnts ... and another look at Javier's notes at https://gist.github.com/javiercn/62044bab948e42cc9e4e695e4aaee7b8#considerations-with-the-app-id-uri. I need to work out how well or poorly scaffolding is going, and I see the concerns about everything working except SignInManager, which isn't supported in components. |
Quick note, I succeeded in getting Blazor Server connected to AAD B2C. I revisited this page, reapplied everything in Pass tokens to a Blazor Server App--which works fine for AAD. But then found https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C, and set services as
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));
services.Configure(Configuration.GetSection("AzureAdB2C"));
```
It worked! OMG it worked! This was definitely The Thing.
Another note, also added:
```csharp
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
```
to get comprehensive error messages instead of System.IO.IOException: IDX20807: Unable to retrieve document from: '[PII is hidden. With ShowPII=true, I was able to identify some configuration mistakes in appsettings.json. More tomorrow. |
@bdnts is it only for OIDC? Because aadb2c also has other logins like Facebook, Google, and plain email login. As I mentioned earlier, I haven't figured out any way to use user flow (which is a key feature of aadb2c) to acquire an access token.
|
Maybe I should word it differently.
Using the reference (https://github.com/yberstad/BlazorAuth), I was able to log in using only a Microsoft account (all user flow configured in aadb2c was lost). No Facebook, Google or plain email login. With this method I was able to acquire the access token as I mentioned earlier.
However, scaffolding code from the template is using
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => { Configuration.Bind("AzureAdB2C", options); });
```
Which is great in that I can log in using the user flow I defined in my aadb2c, which can log in with Microsoft, Facebook, Google and plain email. The issue is I have no idea how to get the access token this way.
If there's a way to integrate both, with reference code from Microsoft, that would be great.
@bdnts how did you get the access token?
|
See https://github.com/javiercn/blazor-server-aad-sample for details on how to do this. It is the same for Azure ADB2C. @guardrex Is there a separate issue tracking this doc? (I believe I filed one) if not, either repurpose this with the provided content or close this and point to the other one. |
What is the `options.Resource = "<<resource>>";`?
I'll try this again. I think last time I ran this sample, it only loaded the Microsoft account during login and not the others (Facebook, Google or plain email)
|
Gee whiz, you guys work crazy hours like I do. I'm in PDT about ready to call it a night.
Answers to some of the questions above: I'm building an end-to-end vertical stack of AAD, B2C, Blazor, Email sign-in. Once I can get that done and working, then I'll see about going horizontal with the other identity connectors.
For @javiercn I actually found some differences between AAD and AADB2C. There is a treasure map doc I found (see below) that tackles B2C, and I mashed that work up with this document. That is how I got my first project working.
I just checked in all my work to date on BlazorADB2C in GitHub, for you guys to look at (and laugh at) since you're awake. I think I have a corruption in the key store, because this version is not working right, but is identical to my working project. Azure configs are matching the original also. But I wanted to give you visibility to help you along. I'll get the Readme.md and notes in tomorrow.
Here is the material I've been using to pull all this together:
* Azure Active Directory B2C documentation: https://docs.microsoft.com/en-us/azure/active-directory-b2c/
* Secure ASP.NET Core Blazor Server apps: https://docs.microsoft.com/en-us/aspnet/core/security/blazor/server?view=aspnetcore-3.1&tabs=visual-studio
* Get started with ASP.NET Core Blazor: https://docs.microsoft.com/en-us/aspnet/core/blazor/get-started?view=aspnetcore-3.1&tabs=visual-studio
* Tutorial - Enable your Web Apps to sign-in users and call APIs with the Microsoft identity platform for developers https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-aspnetcore-webapp-openidconnect-v2/enable-webapp-signin/
  * This last entry is a treasure map of Microsoft Identity.
  * Just remember treasures are booby trapped.

Start with the Azure Active Directory B2C docs.
If you want to explore code, go to the treasure map, and Sample 1-5, https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C is the nearest I could find for Blazor.
Laters |
I was in bed until Javier sent that email. 3 hrs later, I am still up. This is more of a fun thing for me to really learn this.
Just checked out your profile. I grew up in Vancouver BC too 😉
|
Javier is GOD!
Using his sample, I changed the following:
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));
```
Scope needs to be added:
```csharp
options.Scope.Add("https://{domain}.onmicrosoft.com/api/demo.read");
```
I left out resource since I have no idea what that is from the documentation or the code.
I was able to get the access token.
One side note. His sample code has `options.Scope.Add("offline_access");`
I made the mistake of thinking I only need to add "demo.read" instead of the whole path. Adding the whole path solved my issue. Again, this is not documented? I just happened to read some code that doesn't work on SO that had this line somewhere.
Time for bed. Thanks everyone.
|
@javiercn ... Yes, you did at #17221, and it was worked on #17420. The content is here 👉 https://docs.microsoft.com/en-us/aspnet/core/security/blazor/server?view=aspnetcore-3.1&tabs=visual-studio#pass-tokens-to-a-blazor-server-app ... I simply haven't had time to try it myself. If there's nothing else to say, I'll close this when I check it out. We obviously don't need full topics to cover different provider scenarios, but we might need different provider sections in the Blazor Server topic if there's anything specific to say about the scenarios. |
I'm still struggling with errors on this.
Following the instructions from @javiercn and following @Alienroid I end up with:
```csharp
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));
services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
{
    options.ResponseType = "code";
    options.SaveTokens = true;
    options.Scope.Add("offline_access");
    options.Scope.Add("https://******.onmicrosoft.com/api/read");
});
```
Running this code I end up with: Error.
An error occurred while processing your request
If I comment out `//options.ResponseType = "code";`
I can still sign in as usual, but my token and TokenProvider object is still null?
I've uploaded my work in progress here: https://github.com/kristiangronli/AppsConfiguredWithB2C |
@kristiangronli
I forgot to mention, I changed the `options.ResponseType = "code id_token";`
If you only have code, you'll get some message saying it's expecting both id token and access token.
Also, make sure your domain defined 'api' and your scope is defined 'read' in AADB2C
|
@Alienroid Thank you - I still get the same error message even if I changed the `options.ResponseType = "code id_token"`.
Can you possibly take a quick look at my code and see if it is different from yours?
https://github.com/kristiangronli/AppsConfiguredWithB2C/blob/master/BlazorServerApp/Startup.cs |
Not sure it matters,
But in the AzureAdB2C Instance, I have it end in …b2clogin.com/tfp/
|
Howdy. So found a post by Steve Sanderson, July, 2019, says the Blazor template works "out of the box" with ADB2C. Well, he's right! I re-worked my BlazorAdB2C project from scratch, and it works just fine. Still have a LOT of testing to do, questions work out, but it is a stepping stone. I've put my notes into the Readme.md, in which GitHub stripped supposedly legal html, so formatting is off. |
This will be for tomorrow ... Tuesday ... or Wednesday ... we'll see. I've been working on other issues and still have two more things to resolve before hitting an inevitable CoreBrainFry!™️ 🧠🔥😵🚒. EDIT Yes, perhaps Wednesday .... maybe .... if possible. EDIT TODAY! ... I'll be working on this today, Wednesday, 4/22. |
@Alienroid In your work with this scenario (B2C with signin and access token), did you ever hit ...
If so, how did you address it? |
Yes. You need to add 'code'
options.ResponseType = "code id_token";
From: Luke Latham <notifications@github.com>
@Alienroid<https://github.com/Alienroid> In your work with this scenario (B2C with signin and access token), did you ever hit ...
OpenIdConnectProtocolException: IDX21336: Both 'id_token' and 'access_token' should be present in OpenIdConnectProtocolValidationContext.ProtocolMessage received from Token Endpoint. Cannot process the message.
If so, how did you address it?
|
These are my notes that I posted April 9th:
Using his sample, I changed the following:
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
.AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));
Scope needs to be added:
options.Scope.Add("https://{domain}.onmicrosoft.com/api/demo.read");
I left out resource since I have no idea what that is from the documentation or the code.
I was able to get the access token.
One side note. His sample code has options.Scope.Add("offline_access");
I made the mistake of thinking I only needed to add “demo.read” instead of the whole path. Adding the whole path solved my issue. Again, this is not documented? I just happened to read some code on SO that doesn’t work, which had this line somewhere.
|
I think I have most of that covered. I'm trying to perform a Graph API call. I have it working for AAD, and I have the topic updates ready for that scenario. I'm just stuck with my AAD B2C config for the same setup. AFAIK, my config goes like this (fake data shown) ...
"AzureAdB2C": {
"Instance": "https://contoso.b2clogin.com/tfp/",
"ClientId": "797a0993-aa8d-45f0-960a-e38e7b9a7a92",
"CallbackPath": "/signin-oidc",
"Domain": "contoso.onmicrosoft.com",
"SignUpSignInPolicyId": "B2C_1_signupsignin1",
"ResetPasswordPolicyId": "B2C_1_passwordreset1",
"EditProfilePolicyId": "B2C_1_EditProfile",
"ClientSecret": "hDj8v.vgb1A4S.8z]-=BOtyG8XmMtQ6L"
},
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
.AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));
services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
{
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.SaveTokens = true;
options.Scope.Add("https://graph.microsoft.com/offline_access");
options.Scope.Add("https://graph.microsoft.com/openid");
options.Scope.Add("https://graph.microsoft.com/Organization.Read.All");
});
... and that's very similar to my working AAD use case. It barfs up that error tho. If I change the
The working 🎉 AAD use case goes like this (again, fake data here that will be used in the topic later) ...
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "contoso.onmicrosoft.com",
"TenantId": "0bb2b57d-ced6-4486-a27e-97ae1e890343",
"ClientId": "ebf968f8-b368-401d-8efe-c11feebb686b",
"CallbackPath": "/signin-oidc",
"ClientSecret": "hDj8v.vgb1A4S.8z]-=BOtyG8XmMtQ6L"
}
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.ResponseType = OpenIdConnectResponseType.Code;
options.SaveTokens = true;
options.Scope.Add("https://graph.microsoft.com/Organization.Read.All");
options.Scope.Add("https://graph.microsoft.com/offline_access");
options.Resource = "https://graph.microsoft.com";
});
... note the ... and that ✨ Just Works!™️ ✨, so I think my B2C app isn't too far off. |
We've mostly resolved the issue here. The patterns shown for access tokens are correct AFAIK. I still think I have a minor hiccup here with Hosted B2C + an API + a separate Graph API call; however, I'm going to look at that closer after all of the framework bits move to v2.0. |
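The pieces this thread converged on (response type `code id_token`, `SaveTokens`, and the full scope path rather than the short scope name), put together as an added example that is not from the docs sample or any participant's project. The class name, method names and the `apiScope` parameter are assumptions; the code targets the `Microsoft.AspNetCore.Authentication.AzureADB2C.UI` package used in the comments above.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical helper class (not part of the template or the docs sample).
public static class B2CAccessTokenSetup
{
    // Call from Startup.ConfigureServices. apiScope is the full scope URI,
    // for example "https://{domain}.onmicrosoft.com/api/demo.read".
    public static void AddB2CWithAccessToken(
        this IServiceCollection services, IConfiguration configuration, string apiScope)
    {
        services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
            .AddAzureADB2C(options => configuration.Bind("AzureAdB2C", options));

        services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
        {
            // "code id_token": the authorization code is redeemed at the token
            // endpoint, which is where the access token comes from.
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            // Store the tokens in the authentication ticket so they can be read later.
            options.SaveTokens = true;
            options.Scope.Add("offline_access");
            // The whole scope path, not just "demo.read".
            options.Scope.Add(apiScope);
        });
    }

    // Returns true when sign-in stored an access token. Reports presence only:
    // the token value should not be logged or rendered into the page.
    public static async Task<bool> HasAccessTokenAsync(HttpContext httpContext)
    {
        var accessToken = await httpContext.GetTokenAsync("access_token");
        return !string.IsNullOrEmpty(accessToken);
    }
}
```

In a Blazor Server app the saved tokens have to be read during the initial HTTP request (for example in `_Host.cshtml`), because `HttpContext` is not reliably available once the SignalR circuit is running.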
Pass tokens to a Blazor Server app section is for AAD. Is there some reference on how to get azure ad b2c access token? Thanks.