Hi everyone,
I ran into the following error today while implementing Azure AD B2C:
There are a lot of different solutions to this error posted on Stack Overflow, GitHub, etc., but without anything else to go on it is hard to narrow down the cause, because the library hides the offending values behind a generic "PII" placeholder. This is where the ShowPII property comes in handy:
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Newtonsoft.Json;

// Assumed shape of the JSON stored under the "AzureAdB2cConfiguration" key;
// the post only shows the two properties used below.
class AzureAdB2cConfiguration
{
    public string Authority { get; set; }
    public string AppClientId { get; set; }
}

var resultJson = configuration.GetSection("AzureAdB2cConfiguration").Value;
var azureConfig = JsonConvert.DeserializeObject<AzureAdB2cConfiguration>(resultJson);
// TODO: Debugging aid only. ShowPII puts token contents, claim values and URLs
// into exception messages and logs; remove before production.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
// TODO: Debugging aid only. Remove in production and change the authority URL to https.
jwtOptions.RequireHttpsMetadata = false;
jwtOptions.Authority = azureConfig.Authority;
jwtOptions.Audience = azureConfig.AppClientId;
jwtOptions.Events = new JwtBearerEvents
{
    OnAuthenticationFailed = AuthenticationFailed,
};
…
// For debugging purposes only! This echoes the internal exception message to
// the caller, which must not happen in production.
static Task AuthenticationFailed(AuthenticationFailedContext arg)
{
    var bytes = Encoding.UTF8.GetBytes($"AuthenticationFailed: {arg.Exception.Message}");
    arg.Response.ContentLength = bytes.Length; // byte count, not character count
    System.Diagnostics.Debugger.Break();
    return arg.Response.Body.WriteAsync(bytes, 0, bytes.Length);
}
Simply set Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII to true while configuring your authentication and the full internal error, with the actual values filled in, will be shown instead of the message that hides them as PII. The flag is static and process-wide, and the values it reveals (token contents, claim values, issuer and metadata URLs) end up in exception messages and in whatever log sink is attached, so it must be off in production.
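The safer way to keep the switch available without shipping it is to tie it to the hosting environment. The following is an added example, not code from the original post: it enables ShowPII and the http metadata exception only when the ASP.NET Core host runs in Development, and it logs authentication failures server-side instead of writing the exception text into the HTTP response. The configuration keys "AzureAdB2C:Authority" and "AzureAdB2C:ClientId" are assumptions standing in for the post's own JSON section.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Logging;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys; bind them however your app stores its B2C settings.
var authority = builder.Configuration["AzureAdB2C:Authority"];
var audience = builder.Configuration["AzureAdB2C:ClientId"];

bool isDev = builder.Environment.IsDevelopment();

// ShowPII is a static, process-wide switch that puts token contents, claim
// values and URLs into exception messages and logs. Gate it on the environment
// so a forgotten TODO cannot leak those values from a production host.
IdentityModelEventSource.ShowPII = isDev;

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = authority;
        options.Audience = audience;
        // Allow an http:// metadata endpoint only outside production.
        options.RequireHttpsMetadata = !isDev;
        options.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = ctx =>
            {
                // Record the full reason where operators can see it. The client
                // still receives the middleware's plain 401 and never sees the
                // exception text, so nothing ShowPII reveals reaches the caller.
                var logger = ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("JwtBearer");
                logger.LogWarning(ctx.Exception, "JWT bearer authentication failed");
                return Task.CompletedTask;
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "ok").RequireAuthorization();
app.Run();
```

Run the app with ASPNETCORE_ENVIRONMENT=Development to see the unmasked error in the log output; in any other environment the same code path logs the masked message and enforces https for the metadata endpoint.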
In my case this turned out to be an issue with the construction of my authority url.
Cheers,
Chris