
I have a B2C Custom policy defined that is supposed to call a token endpoint. Here is how I have tried to configure the policy:

<TechnicalProfile Id="GetTokenInformation">
  <DisplayName>Get Token Information</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <Item Key="HttpBinding">POST</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret_post" StorageReferenceId="B2C_1A_myfederatedwebappsecret" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
    <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="accessToken" PartnerClaimType="access_token" />
    <OutputClaim ClaimTypeReferenceId="refreshToken" PartnerClaimType="refresh_token" />
    <OutputClaim ClaimTypeReferenceId="idToken" PartnerClaimType="id_token" />
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
    <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

When tested, the policy gives an error specifically for the REST API call:

Exception Message:The claims exchange 'GetTokenInformation' specified in step '7' returned HTTP error response with Code 'BadRequest' and Reason 'Bad Request'., Exception Type:InvalidResponseException, CorrelationID:8bfd390f-62fa-4250-b0f5-4aa9d27c901f.

Additional details from traces:

"Key": "Exception",
    "Value": {
      "Kind": "Handled",
      "HResult": "80131500",
      "Message": "The claims exchange 'GetTokenInformation' specified in step '7' returned HTTP error response with Code 'BadRequest' and Reason 'Bad Request'.",
      "Data": {
        "IsPolicySpecificError": false
      },
      "Exception": {
        "Kind": "Handled",
        "HResult": "80131500",
        "Message": "Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.",
        "Data": {}
      }

Unsure why this error is cropping up. How do I address this issue?

1 Answer

I'm not sure what you are trying to do here, but that error means that the API call failed.

One way to debug this is to try the same call in Postman and check all the parameters work.

I have done something similar and posted about it here.

Update:

Look at the OIDC protocol.

Sending a code and a redirectURL is part of the auth. flow and is browser based. You can't do this from an API.

You need the client credentials flow.

This is described in my post.

  • I have defined a B2C Custom Policy. Within the same policy, I am trying to call into the 'Token' endpoint and then make use of access & refresh tokens. The xml attached in the question is the same that I am trying to use, however the REST API call ends up in the following error-"Claims exchange 'GetTokenInformation' specified in step '4' returned HTTP error response with Code-'BadRequest' & Reason-'Bad Request'.", "HResult": "80131500", "Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details."
    – Anand
    Commented Jun 26 at 9:55
  • Went through your post on Medium and also the policy in GitHub. Unfortunately, could not understand the complete flow. Would be helpful if you could briefly explain.
    – Anand
    Commented Jun 26 at 10:11
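
The parameter check the answer suggests doing in Postman can also be run offline against the technical profile itself. The following is an added example, not code from the question, the answer or the linked post: it compares what the profile would send with what RFC 6749 requires of a token request. The function name, the second profile and the rule that a claim's wire name is PartnerClaimType (falling back to ClaimTypeReferenceId) are assumptions made for illustration, as is treating AuthenticationType None as sending no client credentials.

```python
import xml.etree.ElementTree as ET

# Request-shaping parts of the technical profile from the question.
QUESTION_PROFILE = """<TechnicalProfile Id="GetTokenInformation">
  <Metadata>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
    <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
  </InputClaims>
</TechnicalProfile>"""

# Constructed variant for the client credentials flow (hypothetical, not from the page).
CLIENT_CREDENTIALS_PROFILE = """<TechnicalProfile Id="GetTokenInformation">
  <Metadata>
    <Item Key="AuthenticationType">Basic</Item>
    <Item Key="SendClaimsIn">Form</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="client_credentials" />
  </InputClaims>
</TechnicalProfile>"""

# Required body parameters per grant, RFC 6749 sections 4.1.3 and 4.4.2.
REQUIRED = {
    "authorization_code": {"grant_type", "code", "redirect_uri"},
    "client_credentials": {"grant_type"},
}

def lint_token_request(profile_xml, grant):
    """List mismatches between the request this profile sends and an RFC 6749 token request."""
    root = ET.fromstring(profile_xml)
    meta = {i.get("Key"): (i.text or "").strip() for i in root.iter("Item")}
    # Assumption: the wire name is PartnerClaimType, else ClaimTypeReferenceId.
    sent = {c.get("PartnerClaimType") or c.get("ClaimTypeReferenceId")
            for c in root.iter("InputClaim")}
    findings = []
    encoding = meta.get("SendClaimsIn", "Body")
    if encoding != "Form":  # Body serializes the claims as JSON
        findings.append(f"SendClaimsIn={encoding}: endpoint expects form-urlencoded")
    findings += [f"missing parameter: {p}" for p in sorted(REQUIRED[grant] - sent)]
    # Confidential client auth: HTTP Basic, or client_id and client_secret in the body.
    if meta.get("AuthenticationType") != "Basic" and not {"client_id", "client_secret"} <= sent:
        findings.append("no client authentication is sent")
    return findings

if __name__ == "__main__":
    for name, profile in [("question", QUESTION_PROFILE), ("constructed", CLIENT_CREDENTIALS_PROFILE)]:
        print(name, lint_token_request(profile, "client_credentials"))
```

Each finding on the question's profile is a reason a token endpoint may answer with 400 Bad Request; the constructed profile produces none for the client credentials grant.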
