0

I'm working on an ASP.NET Core 8 API called ApiApp secured with Azure AD B2C and an ASP.NET Core MVC application called WebApp. Everything works fine, and I can call ApiApp from WebApp.

I want to enrich the user's claims using IClaimsTransformation upon login. My goal is to implement IClaimsTransformation, make a call to ApiApp to query the database, retrieve the necessary data, and enrich the user's claims.

To achieve this, I need a token to call ApiApp. I tried generating the token with the following method:

private async Task<string> GetApplicationTokenAsync()
{
    try
    {
        var clientId = _configuration["AzureAdB2C:ClientId"]; // ClientId of the WebApp
        var clientSecret = _configuration["AzureAdB2C:ClientSecret"]; // ClientId of the WebApp
        var scope = _configuration["MyApp:MyAppScope"]; // exposed API scope access_as_user
        var tenant = _configuration["AzureAdB2C:Domain"];
        var policy = _configuration["AzureAdB2C:SignUpSignInPolicyId"];

        var tenantName = "mytenant";
        var authority = $"https://{tenantName}.b2clogin.com/{tenantName}.onmicrosoft.com/{policy}/v2.0";


        var app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(new Uri(authority))
            .Build();

        var authResult = await app.AcquireTokenForClient(new[] { scope }).ExecuteAsync();
        return authResult.AccessToken;
    }
    catch (Exception ex)
    {
        throw;
    }
}

However, I receive the error:

AADSTS50049: "Unknown or invalid instance".

  • What should I do to correctly obtain the token?
  • Is there something wrong in my Azure AD B2C configuration or code?

REPO:

I have created this repository to facilitate clear visibility and analysis of the issue I am encountering, allowing for a deeper understanding of the error.

Azure ApiApp Config:

Azure WebApp Config:

Improve this question
5
  • could you make sure that your ApiApp has the correct API permissions. check if you have defined the scope (e.g., api://{clientId}/access_as_user) in the Azure portal. Make sure the WebApp has permission to request this scope.
    – Jalpa Panchal
    Commented Jul 1 at 9:45
  • try setting the appsettings.json file like this:{ "AzureAdB2C": { "Instance": "https://your-tenant-name.b2clogin.com/", "ClientId": "your-client-id", "Domain": "your-tenant-name.onmicrosoft.com", "SignUpSignInPolicyId": "your-policy-name", "ClientSecret": "your-client-secret" }, "MyApp": { "MyAppScope": "api://your-api-app-client-id/access_as_user" } }
    – Jalpa Panchal
    Commented Jul 1 at 9:46
  • @JalpaPanchal I updated my question with more data about my Azure Ad configurations. I can confirm that I have the correct API permissions(api://{clientId}/access_as_user)
    – micex
    Commented Jul 2 at 12:50
  • @JalpaPanchal also I tried to set the appsettings.json file as you suggested, but I get always the same error. At his point maybe the problem is authority. This is how the var authority it looks like : ` $"https://myapp.b2clogin.com/myapp.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/token"
    – micex
    Commented Jul 2 at 12:53
  • the authority url format looks like not in correct format could you try this: https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0. double check the all values in your appsettings.json are correct. try to use the postman to get the token using same configuration to troubleshoot the issue
    – Jalpa Panchal
    Commented Jul 3 at 8:05
Related questions
0
Error AADSTS50049: "Unknown or invalid instance" in ASP.NET Core 8 MVC with Azure AD B2C
20
Add claims into token Azure B2C
609
Resolving instances with ASP.NET Core DI from within ConfigureServices
Load 6 more related questions Show fewer related questions

0

Reset to default

Browse other questions tagged or ask your own question.