REST API integration in Azure AD B2C Custom Policy

Anand Patil 45 Reputation points
2024-06-25T12:16:00.4666667+00:00

I am trying to call Token endpoint for B2C Custom policy.

When verified through Postman, I am able to successfully call the endpoint. The parameters used in this Postman request are as seen in the attached image.

I want to integrate this endpoint in my B2C Custom Policy. My technical profile for the REST API claims provider looks like below -


When I try to run the policy, I end up in an error like below -
Correlation ID: 0045f84a-8d6a-4a39-9add-d3e9a3024e62

Timestamp: 2024-06-25 11:50:29Z

AADB2C: An exception has occurred.

App Insights only shows -
Exception Message:An internal error has occurred., CorrelationID:0045f84a-8d6a-4a39-9add-d3e9a3024e62

How can I resolve this issue? Requesting quick responses as this issue is becoming a bottleneck for my implementation.


1 answer

  1. Ganeshkumar R 590 Reputation points
    2024-06-25T12:23:40.1766667+00:00

    To integrate the token endpoint for B2C custom policy correctly, you need to ensure the technical profile is properly configured to match the parameters you have successfully tested in Postman.

    Based on the parameters in your Postman request, your TechnicalProfile should include all necessary parameters and correctly handle the request body.

    Example Technical Profile Configuration

    Here's a refined version of your technical profile for the REST API claims provider:

    <TechnicalProfile Id="GetTokenInformation">
      <DisplayName>Get Token Information</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="HttpBinding">POST</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret_post" StorageReferenceId="B2C_1A_myfederatedwebappsecret" />
      </CryptographicKeys>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
        <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="accessToken" PartnerClaimType="access_token" />
        <OutputClaim ClaimTypeReferenceId="refreshToken" PartnerClaimType="refresh_token" />
        <OutputClaim ClaimTypeReferenceId="idToken" PartnerClaimType="id_token" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>


    Key Points

    1. Service URL: Ensure the ServiceUrl matches the endpoint you are trying to call.
    2. InputClaims:
      • code: This is typically the authorization code received after the user authentication.
      • redirect_uri: This should match the redirect URI used in your request. You can set a default value if it's always the same.
    3. Metadata Items:
      • Ensure all necessary parameters are included in the metadata if they are not part of InputClaims.
    4. OutputClaims:
      • Add the claims you want to retrieve from the token endpoint's response.

    Adding Static Parameters

    If you need to send static parameters like client_id, grant_type, and scope, you can include them directly in the metadata:

    <Metadata>
      <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
      <Item Key="AuthenticationType">None</Item>
      <Item Key="SendClaimsIn">Body</Item>
      <Item Key="HttpBinding">POST</Item>
      <Item Key="grant_type">authorization_code</Item>
      <Item Key="client_id">your-client-id</Item>
      <Item Key="scope">openid profile</Item>
    </Metadata>


    Troubleshooting Steps

    1. Verify Endpoint:
      • Ensure the endpoint URL is correct and accessible from your Azure AD B2C tenant.
    2. Check App Insights:
      • Look for detailed error messages in Application Insights to understand any issues with the request.
    3. Double-Check Secrets:
      • Ensure the client_secret is correctly stored and referenced in your policy.

    Example Input and Output Claims

    If you need to pass additional claims in the request body, include them in the InputClaims section:

    <InputClaims>
      <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
      <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
      <InputClaim ClaimTypeReferenceId="client_secret_post" DefaultValue="{your-client-secret}" />
    </InputClaims>


    Application Insights

    1. Enable Logging:
      • Ensure that detailed logging is enabled in your B2C custom policy settings to capture all error messages.
    2. Check Logs:
      • Look at the traces table in Application Insights for detailed error messages.

    By ensuring all parameters match what you've tested in Postman and correctly configuring your technical profile, you should be able to integrate the token endpoint into your B2C custom policy. If you continue to encounter issues, providing detailed logs from Application Insights will help in further diagnosing the problem.
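An added example, not code from the question or the answer: an offline check of what the RestfulProvider profile above (and the "Adding Static Parameters" variant) would actually POST to the token endpoint. It assumes two provider behaviours: only InputClaims become body parameters (Metadata items configure the provider and are not transmitted), and the body is JSON unless ClaimsFormat is set to Form, whereas an OAuth2 token endpoint expects form-encoded grant_type, code, redirect_uri and client_id.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample: the answer's profile, trimmed to the parts that shape the request.
PROFILE_XML = """<TechnicalProfile Id="GetTokenInformation">
  <Metadata>
    <Item Key="ServiceUrl">https://myazb2cidporg.b2clogin.com/myazb2cidporg.onmicrosoft.com/oauth2/v2.0/token</Item>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <Item Key="HttpBinding">POST</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="code" PartnerClaimType="code" Required="true" />
    <InputClaim ClaimTypeReferenceId="redirect_uri" DefaultValue="https://jwt.ms" />
  </InputClaims>
</TechnicalProfile>"""

# Parameters an authorization_code token request must carry (RFC 6749 section 4.1.3)
# plus client_id; a confidential client additionally authenticates with its secret.
REQUIRED_TOKEN_PARAMS = {"grant_type", "code", "redirect_uri", "client_id"}


def parse_profile(xml_text):
    """Return (metadata dict, {partner claim name: DefaultValue or None})."""
    root = ET.fromstring(xml_text)
    metadata = {item.get("Key"): item.text for item in root.iter("Item")}
    claims = {}
    for ic in root.iter("InputClaim"):
        # PartnerClaimType is the name sent to the API; it falls back to the claim id.
        name = ic.get("PartnerClaimType") or ic.get("ClaimTypeReferenceId")
        claims[name] = ic.get("DefaultValue")
    return metadata, claims


def build_body(metadata, claims, claim_values):
    """Render the body the way ClaimsFormat selects: Form, or JSON by default.
    claim_values holds the runtime values of claims that have no DefaultValue."""
    values = {k: claim_values.get(k, v) for k, v in claims.items()}
    if (metadata.get("ClaimsFormat") or "").lower() == "form":
        return "application/x-www-form-urlencoded", urlencode(values)
    return "application/json", json.dumps(values)


def missing_token_params(claims):
    """Token-endpoint parameters that no InputClaim will ever send."""
    return sorted(REQUIRED_TOKEN_PARAMS - set(claims))
```

Running the check on the answer's profile reports that grant_type and client_id are never sent and that the body would be JSON, which is a concrete mismatch to compare against the Postman request before adding InputClaims for the missing parameters.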