[Bug] B2C API token validation reports invalid issuer #1249

Closed
mrochon opened this issue Jun 8, 2021 · 3 comments
Labels
question Further information is requested

Comments


mrochon commented Jun 8, 2021

Which version of Microsoft Identity Web are you using?
Note that to get help, you need to run the latest version.

1.12.0

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • [X] Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app?
Sample app in development.

Repro

  1. Token to API obtained from B2C includes issuer: https://mrochonb2cprod.b2clogin.com/cf6c572c-c72e-4f31-bd0b-75623d040495/v2.0/
  2. Fiddler shows that the API is obtaining .well-known metadata with the same issuer
  3. App errors with: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDW10303: Issuer: 'https://mrochonb2cprod.b2clogin.com/cf6c572c-c72e-4f31-bd0b-75623d040495/v2.0/', does not match any of the valid issuers provided for this application.
  "B2C": {
    "Instance": "https://login.microsoftonline.com/tfp/",
    //"Instance": "https://mrochonb2cprod.onmicrosoft.com",
    "TenantId": "cf6c572c-c72e-4f31-bd0b-75623d040495",
    "Domain": "mrochonb2cprod.onmicrosoft.com",
    "ClientId": "5e976aba-65ee-4185-8fdc-d317f7c34959",
    "RedirectUri": "https://b2crestapis",
    "SignUpSignInPolicyId": "B2C_1_BasicSUSI"
  }

Expected behavior
Issuer should be accepted as valid

Actual behavior
Error: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDW10303: Issuer: 'https://mrochonb2cprod.b2clogin.com/cf6c572c-c72e-4f31-bd0b-75623d040495/v2.0/', does not match any of the valid issuers provided for this application.

Possible solution
Will experiment with TokenValidationParameters as per some other bugs mentioned here.

Additional context / logs / screenshots
Add any other context about the problem here, such as logs and screenshots.

Collaborator

jmprieur commented Jun 8, 2021

@mrochon : would you mind trying the following configuration:

"Instance": "https://mrochonb2cprod.b2clogin.com",

jmprieur added the question label Jun 8, 2021
Author

mrochon commented Jun 8, 2021

Yes, that worked. No errors. Thanks.

mrochon closed this as completed Jun 8, 2021
Collaborator

jmprieur commented Jun 8, 2021

Thanks for confirming, @mrochon
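
The mismatch resolved in this thread can be caught before deployment by comparing the `iss` claim of a sample token with the `Instance` host in the `B2C` section. The following is an added example, not code from the thread or from Microsoft.Identity.Web; the host comparison is a simplified stand-in for the library's issuer validation, the function names are hypothetical, and the token is a constructed, unsigned sample.

```python
import base64
import json
import re
from urllib.parse import urlsplit

ISS = "https://mrochonb2cprod.b2clogin.com/cf6c572c-c72e-4f31-bd0b-75623d040495/v2.0/"

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned sample token carrying the issuer quoted in the issue.
TOKEN = ".".join([_b64url({"typ": "JWT"}), _b64url({"iss": ISS}), "constructed"])

# "B2C" section from the issue (trimmed), wrapped in braces to form a document.
BROKEN = """{
  "B2C": {
    "Instance": "https://login.microsoftonline.com/tfp/",
    //"Instance": "https://mrochonb2cprod.onmicrosoft.com",
    "TenantId": "cf6c572c-c72e-4f31-bd0b-75623d040495",
    "SignUpSignInPolicyId": "B2C_1_BasicSUSI"
  }
}"""
FIXED = BROKEN.replace("https://login.microsoftonline.com/tfp/",
                       "https://mrochonb2cprod.b2clogin.com")

def load_settings(text):
    """Parse appsettings-style JSON, dropping whole-line // comments first."""
    return json.loads(re.sub(r"^[ \t]*//.*$", "", text, flags=re.M))

def jwt_claims(token):
    """Decode the payload only; the signature is NOT verified (diagnostic use)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def check_issuer(settings, token):
    """Return a list of mismatches between the token issuer and the B2C section."""
    b2c, iss = settings["B2C"], urlsplit(jwt_claims(token)["iss"])
    problems = []
    inst_host = urlsplit(b2c["Instance"]).hostname
    if iss.hostname != inst_host:
        problems.append(f"issuer host {iss.hostname} != Instance host {inst_host}")
    # Assumption: the first path segment of the issuer is the tenant id, as in the issue.
    if iss.path.strip("/").split("/")[0].lower() != b2c["TenantId"].lower():
        problems.append("issuer tenant segment != TenantId")
    return problems

if __name__ == "__main__":
    for name, cfg in (("reported", BROKEN), ("suggested", FIXED)):
        print(name, check_issuer(load_settings(cfg), TOKEN) or "OK")
```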
