I want to add the ability to sign in or sign up for my APIM developer portal via any Microsoft account type (personal or corporate, work, ...).
I have uploaded the SocialAndLocalAccounts custom policy from the starter pack (removed the Facebook provider and added AADCommon-OpenIdConnect) - I have attached these files below.
I have errors while I'm trying to sign up via a local or Microsoft account.
Let's look at the Microsoft account (multi-tenant) case first.
When you have filled in the email and password, you are redirected to webPortal.com/signup-oauth#provider=AadB2C&token=eyJhbGciOiJSUzI1NiIsImtpZ...
It looks like all is good, except that we have lost the session, and when we press the "sign up" button we get an exception:
I see similar behavior when I try to sign up via a local account, but on the first step a record for the user is created in the B2C tenant, and then we can sign in with login and password:
When I have filled in the email and password and confirmed the email address, I get this error, with a 401 error code for the "/identity" endpoint and 403 for the "/users" endpoint.
When I click "Microsoft Account" again, the server redirects me to this page:
So, the Azure Active Directory B2C tenant has:
- App registrations - apimb2cdemo, with a secret code that I have set in the APIM Identity (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
- SocialAndLocalAccounts custom policy from the starter pack (Attached)
- App registrations - ProxyIdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- App registrations - IdentityExperienceFramework - app (Accounts in this organizational directory only (Tenant only - Single tenant))
- App registrations - webapp1 - app (just for testing - jwt.ms) (Accounts in any identity provider or organizational directory (for authenticating users with user flows))
The APIM Developer portal tenant has:
- App registrations - Azure AD B2C App, with a secret code that I have set in my ClaimsProvider in TrustFrameworkExtensions
Redirect URL: https://your-b2c-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp
(Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)) - Here I chose a different option compared to the article.
- A new identity provider in the APIM Developer portal menu:
Azure Active Directory B2C - it references the apimb2cdemo app with its ID and secret key, the custom policy name, and Client library - MSAL.
For this task, I am using these tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy (tutorials 1 to 3)
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c
Here I have left the custom policies that I'm using - https://drive.google.com/drive/folders/1F1uBgF1R96dTUVziNOrw2WTH6dd_xCUH?usp=sharing
I have no idea what happened or why I am facing these issues; could you please assist me with this?
I'm looking forward to any ideas and solutions.
Thank you in advance!