Tags: c#, azure-ad-b2c, .net-9.0, microsoft.identity.web

Sign-up User Flow with Azure B2C and Microsoft.Identity.Web


I'm using Microsoft.Identity.Web in a .NET 9.0 Blazor server app to support Azure B2C sign up and sign in. I've got it working using a combined Sign up and sign in user flow. This doesn't seem like a great approach if somebody knows they need to sign up and I provide them with a sign up link (I'm afraid that new users might get confused or miss the fact that the sign in page is also where you sign up).

I set up a separate Sign Up user flow. I'm pretty sure Microsoft.Identity.Web doesn't support this out of the box, so I tried to mimic the SignIn action in Microsoft's Account controller, with the only difference being that I pass my SignUp policy name:

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

[HttpGet("MicrosoftIdentity/Account/SignUp")]
public IActionResult SignUp()
{
    // Challenge through the same OpenID Connect scheme that Microsoft.Identity.Web registers.
    var scheme = OpenIdConnectDefaults.AuthenticationScheme;
    var redirectUrl = Url.Content("~/");

    var properties = new AuthenticationProperties { RedirectUri = redirectUrl };
    // Override the policy so B2C runs the dedicated Sign Up user flow
    // instead of the default Sign up and sign in policy.
    properties.Items[Constants.Policy] = "B2C_1_SignUp";

    return Challenge(properties, scheme);
}

When I hit the signup route, I ultimately get redirected to MicrosoftIdentity/Account/Error, and get back a 404. I also find this in my Output window:

Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler: Error: Message contains error: 'unauthorized_client', error_description: 'AADB2C90057: The provided application is not configured to allow the 'OAuth' Implicit flow.

I've confirmed that my policy name is correct. If I change the policy to my Sign up and sign in policy name, it works.

Is what I'm trying to do possible? What am I missing?

Screenshot of my user flow setup

Screenshot of my App Authentication setup


Solution

  • The error "AADB2C90057: The provided application is not configured to allow the 'OAuth' Implicit flow" usually occurs if the application is not enabled for implicit grant.

    To resolve the error, in the Azure AD B2C application go to Manage -> Authentication. Under Implicit grant, select both the Access tokens and ID tokens check boxes to enable the implicit flow:


    After configuring it, wait a few minutes for the configuration to take effect, then re-run the application.

    Also make sure the Sign-Up policy exists under the user flows blade:
