
Sign In/ Sign Up redirect throwing an error. #669

Open
1 of 17 tasks
jorgecolon413 opened this issue Feb 22, 2023 · 10 comments · May be fixed by #764

Comments


jorgecolon413 commented Feb 22, 2023

This issue is for a: (mark with an x)

- [X] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

The issue was found for the following scenario:

Please add an 'x' for the scenario(s) where you found an issue

  1. Web app that signs in users
    1. with a work and school account in your organization: 1-WebApp-OIDC/1-1-MyOrg
    2. with any work and school account: /1-WebApp-OIDC/1-2-AnyOrg
    3. with any work or school account or Microsoft personal account: 1-WebApp-OIDC/1-3-AnyOrgOrPersonal
    4. with users in National or sovereign clouds 1-WebApp-OIDC/1-4-Sovereign
    5. with B2C users 1-WebApp-OIDC/1-5-B2C
  2. Web app that calls Microsoft Graph
    1. Calling graph with the Microsoft Graph SDK: 2-WebApp-graph-user/2-1-Call-MSGraph
    2. With specific token caches: 2-WebApp-graph-user/2-2-TokenCache
    3. Calling Microsoft Graph in national clouds: 2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph
  3. Web app calling several APIs 3-WebApp-multi-APIs
  4. Web app calling your own Web API
    1. with a work and school account in your organization: 4-WebApp-your-API/4-1-MyOrg
    2. with B2C users: 4-WebApp-your-API/4-2-B2C
    3. with any work and school account: 4-WebApp-your-API/4-3-AnyOrg
  5. Web app restricting users
    1. by Roles: 5-WebApp-AuthZ/5-1-Roles
    2. by Groups: 5-WebApp-AuthZ/5-2-Groups
  6. Deployment to Azure
  7. Other (please describe)

Repro-ing the issue

Repro steps
Already had a b2c tenant configured to work with this sample specifically.

  1. Clone the repo.
  2. Change the appsettings.json properties:

```json
"AzureAdB2C": {
  "Instance": "https://xxxxxxxxx.b2clogin.com",
  "ClientId": "xxxxxxxxx",
  "Domain": "xxxxxxxxx.onmicrosoft.com",
  "SignedOutCallbackPath": "",
  "SignUpSignInPolicyId": "B2C_1_SignUpIn",
  "ResetPasswordPolicyId": "B2C_1_PasswordReset",
  "EditProfilePolicyId": "B2C_1_ProfileEdit" // Optional profile editing policy
  //"CallbackPath": "/signin/B2C_1_sign_up_in"  // defaults to /signin-oidc
},
```

  3. Compile and run the app.
  4. Click the sign in button.

Expected behavior
After running the app and clicking the sign-in button, be redirected to the flow of the sign-in policy configured on the B2C tenant.

Actual behavior
It throws the following error:
[screenshot of the error message; image not reproduced here]

Additional context/ Error codes / Screenshots
Somehow, it worked as expected in one instance. After changing from a non-proxied Wi-Fi to a more secure one, it redirected me correctly and I managed to do a sign-up, but after changing the Wi-Fi back to the non-proxied one it continued to throw the above-mentioned error. I did not change anything else in the code. After that point, it continued to throw the error even when changing back to the same Wi-Fi as before.

The test was to see how the URL compares to the one generated by the flow test at the Azure portal, since it works there.

  1. B2C flow policy test URL:
https://xxxxxxxxx.b2clogin.com/xxxxxxxxx.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_SignUpIn&client_id=xxxxxxxxx&nonce=defaultNonce&redirect_uri=https%3A%2F%2Flocalhost%3A44313&scope=openid&response_type=code&prompt=login
  2. The web app generated URL:
https://xxxxxxxxx.b2clogin.com/xxxxxxxxx.onmicrosoft.com/b2c_1_signupin/oauth2/v2.0/authorize?client_id=xxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A44316%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=638126746141293368.MDEyNWMyNzgtNjJmYS00ZTY5LWFkM2ItY2ZmOGJkMTRjZWEyNDNkYjZlMTItOTZhNS00ZDc5LWIwZDEtZjQ1YTJkNjRkZmJk&client_info=1&x-client-brkrver=IDWeb.1.25.10.0&state=CfDJ8NSUljq7ljFNr-nX7P-mS2SwujXUdZf7ymH4ZPWAW9GEM45OQNr0FE7vwLNE_0RIJkKEsTBkKhI8E1ZBYdNo1E888yGVDFEh0V1ZQrnb2M7ioR5r73rxOh1XORlypRgzwzLx2JTvU4JaKWBvm4Tx5YhsTJWdH9Y7Cu5Qlp959HG2k_-lRzj84eXsBs1bx8qYwoNJMP9IqplMeuPnz9XuSi0FA2oSVzFFiElUS2iyLsV21AlA2kRxmR6xT7OjQyZF_olQ_ndPFEzop6FZfYksHkUxWbocAXbR_CEf4RT9X0Ar&x-client-SKU=ID_NET6_0&x-client-ver=6.25.1.0

Any log messages given by the failure

Add any other context about the problem here, such as logs.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
Windows 10 enterprise

Versions

of ASP.NET Core, of MSAL.NET
6.0

Attempting to troubleshoot yourself:

Found a similar issue:
https://github.com/MicrosoftDocs/azure-docs/issues/97080
and made the change to check all the options as follows:
[screenshot of the changed options; image not reproduced here]


Thanks! We'll be in touch soon.
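The comparison of the two authorize URLs above, written out as an added diagnostic (not code from the issue or from the sample): it parses both URLs, prints the parameters on which they differ, and then names the grant the web app is asking for. It assumes a .NET 6 console project with top-level statements; the tenant and client id placeholders ("xxxxxxxxx") are the issue's own, and the long nonce and state values are replaced with constructed placeholders because their content does not affect the comparison.

```csharp
// Added diagnostic, not part of the sample or the issue. Compares the portal's
// flow-test authorize URL with the one the web app generated.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

const string PortalTestUrl =
    "https://xxxxxxxxx.b2clogin.com/xxxxxxxxx.onmicrosoft.com/oauth2/v2.0/authorize" +
    "?p=B2C_1_SignUpIn&client_id=xxxxxxxxx&nonce=defaultNonce" +
    "&redirect_uri=https%3A%2F%2Flocalhost%3A44313&scope=openid&response_type=code&prompt=login";

// nonce and state are opaque values; shortened to constructed placeholders here.
const string WebAppUrl =
    "https://xxxxxxxxx.b2clogin.com/xxxxxxxxx.onmicrosoft.com/b2c_1_signupin/oauth2/v2.0/authorize" +
    "?client_id=xxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A44316%2Fsignin-oidc" +
    "&response_type=id_token&scope=openid%20profile&response_mode=form_post" +
    "&nonce=NONCE_PLACEHOLDER&client_info=1&x-client-brkrver=IDWeb.1.25.10.0&state=STATE_PLACEHOLDER" +
    "&x-client-SKU=ID_NET6_0&x-client-ver=6.25.1.0";

var portal = ParseAuthorizeUrl(PortalTestUrl);
var webApp = ParseAuthorizeUrl(WebAppUrl);

Console.WriteLine("Parameters that differ (portal test vs. web app):");
foreach (var key in portal.Keys.Union(webApp.Keys, StringComparer.OrdinalIgnoreCase).OrderBy(k => k))
{
    portal.TryGetValue(key, out var a);
    webApp.TryGetValue(key, out var b);
    if (!string.Equals(a, b, StringComparison.OrdinalIgnoreCase))
    {
        var left = a ?? "(absent)";
        var right = b ?? "(absent)";
        Console.WriteLine($"  {key,-16} portal={left}  webapp={right}");
    }
}

// The parameter that decides which grant B2C is asked for: "code" is the authorization
// code flow the portal test used; "id_token" is the implicit flow, which the app
// registration must explicitly allow, otherwise B2C rejects the request.
var responseTypes = webApp.GetValueOrDefault("response_type", "")
    .Split(' ', StringSplitOptions.RemoveEmptyEntries);
if (responseTypes.Contains("id_token"))
    Console.WriteLine("Web app requests an implicit/hybrid flow (response_type contains id_token).");
else
    Console.WriteLine("Web app requests the authorization code flow.");

// Query parameters plus a synthetic "policy" entry: B2C accepts the user flow either as
// ?p=<policy> (portal test) or as a path segment before /oauth2 (Microsoft.Identity.Web).
static Dictionary<string, string> ParseAuthorizeUrl(string url)
{
    var uri = new Uri(url);
    var query = HttpUtility.ParseQueryString(uri.Query);
    var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    foreach (var key in query.AllKeys)
        if (key != null) result[key] = query[key] ?? "";

    var segments = uri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries);
    var oauth2Index = Array.IndexOf(segments, "oauth2");
    if (oauth2Index > 1)
        result["policy"] = segments[oauth2Index - 1];   // .../<tenant>/<policy>/oauth2/...
    else if (result.TryGetValue("p", out var p))
        result["policy"] = p;                            // .../<tenant>/oauth2/...?p=<policy>
    return result;
}
```

The policy name matches between the two URLs once the two ways of passing it are normalised, so the differences that remain are the redirect URI, the extra `profile` scope, the `form_post` response mode and, most importantly, `response_type`: the portal test asked for `code` while the web app asked for `id_token`, which is the implicit grant.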

@asenright

This is definitely an issue, I encountered this as well when following MS' tutorials on B2C setup for .NET 6

@juantarquino-ssb

Same here, I encountered the same exact issue when following the instructions at https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-web-app?tabs=visual-studio for the sample project at https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C

@cflannery91

Have the exact same problem following same tutorials.

Adding the following snippet in Program.cs (or ConfigureServices in Startup.cs if you're using the old web app scaffolding) seems to solve the problem for the Sign In piece.

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// In Program.cs with the .NET 6 minimal hosting model, use builder.Services in place of services.
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Switch from the default implicit (id_token) request to the authorization code flow.
    options.ResponseType = OpenIdConnectResponseType.Code;
    // Request a token scoped to the app's own client id.
    options.Scope.Add(options.ClientId);
});
```

You also need to create a ClientSecret under Azure AD -> App Registrations -> [App] -> Clients & secrets and then add the ClientSecret variable to the appsettings.json under the AzureAdB2C section.
(NB: don't do this in production or in anything but local dev. Use user-secrets or Azure Key Vault for storing secrets.)

Unfortunately this only solves the problem for SignIn/Signout. The Edit Profile user flow still does not work with this workaround.
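The workaround above as a complete Program.cs, added here as an example and not the sample's own file. It assumes the Microsoft.Identity.Web and Microsoft.Identity.Web.UI packages, implicit usings enabled (.NET 6 web SDK), the AzureAdB2C section from the issue, and a ClientSecret supplied through user-secrets (`dotnet user-secrets set "AzureAdB2C:ClientSecret" "<secret>"`) or Key Vault rather than appsettings.json. The missing-secret check and the logging hook are additions beyond the snippet in the thread.

```csharp
// Added example (not the sample's own Program.cs): B2C sign-in with the authorization
// code flow, a guard for the client secret, and a log line showing the grant requested.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Standard Microsoft.Identity.Web wiring for a B2C web app; binds Instance, Domain,
// ClientId, ClientSecret and the policy ids from the AzureAdB2C section. In Development,
// the ClientSecret value comes from user-secrets, which the builder loads automatically.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));

// Registered after AddMicrosoftIdentityWebApp, so it runs last and replaces the default
// implicit (id_token) request with the authorization code flow, as in the workaround above.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.Scope.Add(options.ClientId!); // request a token for the app's own client id

    // The code flow redeems the code on the back channel, which needs the client secret.
    // Fail with a clear message instead of a generic token error later in the flow.
    if (string.IsNullOrEmpty(options.ClientSecret))
        throw new InvalidOperationException(
            "AzureAdB2C:ClientSecret is not set; supply it via user-secrets or Key Vault, not appsettings.json.");

    // Diagnostic hook: log the grant actually being requested before the redirect to B2C,
    // so an unexpected implicit-flow request shows up in the app log rather than only as a B2C error page.
    options.Events ??= new OpenIdConnectEvents();
    var next = options.Events.OnRedirectToIdentityProvider;
    options.Events.OnRedirectToIdentityProvider = async context =>
    {
        var msg = context.ProtocolMessage;
        var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
        logger.LogInformation(
            "Authorize request to {Issuer}: response_type={ResponseType} response_mode={ResponseMode} scope={Scope}",
            msg.IssuerAddress, msg.ResponseType, msg.ResponseMode, msg.Scope);
        if (msg.ResponseType != null && msg.ResponseType.Contains(OpenIdConnectResponseType.IdToken))
            logger.LogWarning("Implicit/hybrid flow requested; the B2C app registration must allow it, or use the code flow.");
        if (next != null) await next(context);
    };
});

builder.Services.AddRazorPages().AddMicrosoftIdentityUI();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers(); // /MicrosoftIdentity/Account/* sign-in and sign-out endpoints from Microsoft.Identity.Web.UI
app.Run();
```

With this in place the redirect to B2C carries `response_type=code`, like the portal's flow test, and the handler redeems the code on the back channel with the client secret instead of receiving an id_token in the front channel. As the comment above notes, the Edit Profile user flow is not covered by this change.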


JayWilk commented May 15, 2023

Can replicate this. Bit of a pain.

@benjaminsampica

Ran into this as well. Please fix the docs!


Kev8144 commented Aug 26, 2023

Any updates on this?

@pthivierge-sayona

Same problem here, any update?

@garrettlondon1

Same issue

@chuck-waters chuck-waters linked a pull request Apr 9, 2024 that will close this issue
@alexandre-guimond

I'm running into the same issue (which I've described here: https://stackoverflow.com/questions/78887827/aadb2c90057-the-provided-application-is-not-configured-to-allow-the-oauth-im). Should this sample (1-5-B2C) now be working? Is this a documentation issue, or is it a feature problem? If the former, might there be a working example available somewhere?


showtroylove commented Oct 26, 2024

This issue is still unresolved? Are there any workaround at least? Why use this tech if you're going to run into more problems than you would managing your own user database?
