DX20807: Unable to retrieve document from: ‘[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.] site:stackoverflow.com

Hi everyone,

I ran into the following error today while implementing Azure AD B2C:

DX20807: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'

There are a lot of different solutions to this error posted on Stack Overflow, GitHub, etc., but without anything else to go on it's pretty hard to narrow down the cause. This is where the ShowPII property comes in handy:

using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Newtonsoft.Json;

// ...
var resultJson = configuration.GetSection("AzureAdB2cConfiguration").Value;
var azureConfig = JsonConvert.DeserializeObject<dynamic>(resultJson);

// Turns off the library's redaction so the failure message includes the details it would otherwise hide.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; // TODO: This should be removed in production and the authority url changed to https

jwtOptions.RequireHttpsMetadata = false; // TODO: This should be removed in production and the authority url changed to https
jwtOptions.Authority = (string)azureConfig.Authority;
jwtOptions.Audience = (string)azureConfig.AppClientId;
jwtOptions.Events = new JwtBearerEvents
{
    OnAuthenticationFailed = AuthenticationFailed,
};

static Task AuthenticationFailed(AuthenticationFailedContext arg)
{
    // For debugging purposes only!
    var s = $"AuthenticationFailed: {arg.Exception.Message}";
    var bytes = Encoding.UTF8.GetBytes(s);
    arg.Response.ContentLength = bytes.Length; // byte length, not character count

    System.Diagnostics.Debugger.Break();
    return arg.Response.Body.WriteAsync(bytes, 0, bytes.Length);
}

Simply set Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII to true while configuring your authentication (in development only, as the TODO in the snippet notes) and the full internal error will be shown instead of the vague PII message.

In my case this turned out to be an issue with the construction of my authority URL.

Cheers,
Chris
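As an added example (not the post's own code), here is the same JwtBearer setup written as a complete Program.cs for an ASP.NET Core app on .NET 6 or later (web SDK with implicit usings). The ShowPII switch and the RequireHttpsMetadata relaxation are tied to the Development environment so the TODOs above cannot be forgotten on the way to production, and the failure detail goes to the application log rather than into the HTTP response body. The configuration keys AzureAdB2C:Authority and AzureAdB2C:ClientId and the /api/ping endpoint are assumed names.

```csharp
// Added example, not from the original post. Assumed config keys:
// "AzureAdB2C:Authority" and "AzureAdB2C:ClientId".
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Logging;

var builder = WebApplication.CreateBuilder(args);

var authority = builder.Configuration["AzureAdB2C:Authority"]
    ?? throw new InvalidOperationException("AzureAdB2C:Authority is not configured");
var audience = builder.Configuration["AzureAdB2C:ClientId"]
    ?? throw new InvalidOperationException("AzureAdB2C:ClientId is not configured");

// Only show the unredacted IdentityModel error (which includes the metadata
// address the handler tried to fetch) on a developer machine. Everywhere else
// the library's PII redaction stays on and HTTPS metadata is required.
var isDev = builder.Environment.IsDevelopment();
IdentityModelEventSource.ShowPII = isDev;

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = authority;
        options.Audience = audience;
        options.RequireHttpsMetadata = !isDev;
        options.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = ctx =>
            {
                // Record the underlying exception server-side. The client still
                // receives the normal 401; the exception text never leaves the server.
                var logger = ctx.HttpContext.RequestServices
                    .GetRequiredService<ILogger<Program>>();
                logger.LogWarning(ctx.Exception,
                    "JWT bearer authentication failed for {Path}",
                    ctx.HttpContext.Request.Path);
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// A protected endpoint to exercise the bearer validation.
app.MapGet("/api/ping", () => "pong").RequireAuthorization();

app.Run();
```

Run it with ASPNETCORE_ENVIRONMENT=Development to see the full DX20807 detail in the console log; with any other environment value the same misconfiguration still produces the redacted message and an HTTP-only authority is rejected.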

Return URL is missing path – Azure AD B2C

Hi everyone,

Just a small issue I've hit while implementing Azure AD B2C. After logging in, Azure has been routing me to the base path instead of including the controller.

The solution to this turned out to be pretty straightforward. All URLs apparently need to be included in the reply URLs of your Azure AD B2C application.

Just add a new row with the entire URL to yours and it should start working immediately.

Thanks,
Chris

Azure AD B2C – Unauthorized

Hi everyone,

I've been mucking around with Azure AD B2C. It seems like a pretty good substitute for AWS Cognito, which I've used previously.

While following the Microsoft sample tutorials I ran into an “unauthorized” error. A value was being returned but no access token was provided.

This seems to be indicative of an issue with scopes. In my case, I'd excluded the trailing slash on the ApiIdentifier URL in the TaskWebApp web.config.

This seems to be a fairly common configuration issue. The following Stack Overflow post pointed me in the right direction:

https://stackoverflow.com/a/49304044/522859

The relevant tutorial article can be found here: https://docs.microsoft.com/en-au/azure/active-directory-b2c/active-directory-b2c-tutorials-web-api?tabs=applications