I'm trying to add Apple as an identity provider to my Azure B2C tenant, I have Microsoft and Google set up already and had no issues with either of those.
With Apple, I followed Microsoft's guide to the letter. I have a custom domain, for example's sake myapp.net. My tenant is named myapp.net rather than myapp.onmicrosoft.com, and I have Azure Front Door enabling the domain https://login.myapp.net instead of https://myapp.b2clogin.com. As above, all of this works fine with Microsoft, Google and local sign-up (directly to the B2C tenant), so I don't think the tenant, Front Door or the domain itself are to blame.
Within the Apple developer portal, I set the domain as login.myapp.net and the return URL as https://login.myapp.net/myapp.net/oauth2/authresp. I ran the user flow in Azure B2C, clicked the Apple sign-in button and got this:
Anybody know why this might be? Or at least how to debug maybe at Apple's side to find out what it thinks the return URL should be or the actual value it's getting?
The doc says: "Enter https://your-domain-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. Replace your-tenant-name with the name of your tenant, and your-domain-name with your custom domain."

So it should be https://login.myapp.net/myapp.onmicrosoft.com/oauth2/authresp
Looking in the browser dev tools network trace will show the redirect_uri parameter AAD B2C generates as part of the URL to Apple. That value is what needs to be registered at Apple.
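An added example (not from the question or either answer) that applies both answers above: it builds the return URL the doc pattern gives for a custom domain and compares it with the redirect_uri pulled from an authorize URL captured in the network trace. The authorize URL, client_id and state below are constructed placeholders, and the exact-match rule is an assumption.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample of the request to Apple that the B2C user flow issues,
# as it would appear in the browser network trace. client_id and state are
# placeholder values, not real ones.
SAMPLE_AUTHORIZE_URL = (
    "https://appleid.apple.com/auth/authorize"
    "?client_id=net.myapp.signin"
    "&redirect_uri=https%3A%2F%2Flogin.myapp.net%2Fmyapp.onmicrosoft.com%2Foauth2%2Fauthresp"
    "&response_type=code%20id_token&response_mode=form_post&scope=name%20email"
    "&state=constructed-state-value"
)


def expected_authresp_uri(custom_domain: str, tenant_name: str) -> str:
    """Return URL B2C uses for a custom domain, following the doc pattern quoted
    above: the host is the custom domain, but the path still carries
    <tenant>.onmicrosoft.com rather than the custom domain name."""
    return f"https://{custom_domain}/{tenant_name}.onmicrosoft.com/oauth2/authresp"


def redirect_uri_from_authorize_url(url: str) -> Optional[str]:
    """Pull the (percent-decoded) redirect_uri out of a captured authorize URL."""
    values = parse_qs(urlparse(url).query).get("redirect_uri")
    return values[0] if values else None


def matches_registered(captured: str, registered: str) -> bool:
    """Assumption: Apple needs an exact match of scheme, host and path, with only
    the host compared case-insensitively; anything else counts as a mismatch."""
    a, b = urlparse(captured), urlparse(registered)
    return (a.scheme, a.netloc.lower(), a.path) == (b.scheme, b.netloc.lower(), b.path)


def check(captured_url: str, registered: str) -> dict:
    """Compare what B2C actually sent with what is registered at Apple."""
    sent = redirect_uri_from_authorize_url(captured_url)
    return {
        "sent_by_b2c": sent,
        "registered_at_apple": registered,
        "match": sent is not None and matches_registered(sent, registered),
    }


if __name__ == "__main__":
    # The questioner's registered value uses myapp.net in the path, so it fails.
    print(check(SAMPLE_AUTHORIZE_URL, "https://login.myapp.net/myapp.net/oauth2/authresp"))
    print(check(SAMPLE_AUTHORIZE_URL, expected_authresp_uri("login.myapp.net", "myapp")))
```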