Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to integrate azure b2c with react

I am working with react and I have to give my user login through Azure B2C, So I am trying to do that but I am not able to find out how to do that and what is the.

What I have tried

  1. I got this example from Microsoft site which is done using plain JavaScript (vanilla), I have no idea how I will implement this in my react code.

So I tried to move with some react library, I google around and found This library

I have followed the same code they have written, but when I hit login button it takes me to login page of azure, So in my app.js I am doing console.log(authentication.getAccessToken()); after login it throws null, I don't know why

My code

authentication.initialize({
        // optional, will default to this
        instance: 'https://login.microsoftonline.com/tfp',
        // My B2C tenant
        tenant: 'mytenant.onmicrosoft.com',
        // the policy to use to sign in, can also be a sign up or sign in policy
        signInPolicy: 'B2c_signupsignin',
        // the the B2C application you want to authenticate with (that's just a random GUID - get yours from the portal)
        clientId: 'fdfsds5-5222-ss522-a659-ada22',
        // where MSAL will store state - localStorage or sessionStorage
        cacheLocation: 'sessionStorage',
        // the scopes you want included in the access token
        scopes: ['https://mytenant.onmicrosoft.com/api/test.read'],
        // optional, the redirect URI - if not specified MSAL will pick up the location from window.href
        redirectUri: 'http://localhost:3000',
    });

And then on click of login I am doing this

const Log_in = () => {
        authentication.run(() => {});
        
    };

in my app.js I am doing like below

import authentication from 'react-azure-b2c';

function App() {
    console.log(authentication.getAccessToken());   
}

So initially it is showing null which is fine, but after login also it is throwing error only.

So I was not able to resolve this, that's why I move to the other library which is almost similar to this

  1. This one

So here when I click on login button I am getting error as

Error

The example I got from Microsoft with valina Javascript, I think that is the perfect way to do but How can I imliment that through react I don't know

This the code with vanilla js

I have been stuch here from long time i don't know what to do now, not able to find good example on google to implement it with react

PS: I am using react hooks functional component to write my code, please guide me through this

I just want to implement this using react in a proper way, I know out tehre so many peoples who are already using this, so I just want to see a good example.

Edit / update

I tried doing like this

    b2cauth.initialize({
    instance: 'https://mylogin.b2clogin.com/tfp',
    tenant: 'mylogin.b2clogin.com',
    signInPolicy: 'B2C_1_SigninSignupUsername',
    clientId: 'fc3081ec-504a-4be3-a659-951a9408e248',
    cacheLocation: 'sessionStorage',
    scopes: ['https://mylogin.b2clogin.com/api/demo.read'],
    redirectUri: 'http://localhost:3000',
});
b2cauth.run(() => {
    ReactDOM.render(<App />, document.getElementById('root'));
    serviceWorker.unregister();
});

I check Microsoft link pasted as answer, and changed instance: instance: 'https://mylogin.b2clogin.com/tfp',

to

instance:'https://my-tanent-name.b2clogin.com/tenent-id/oauth2/authresp',

but I am getting error as bad request

and I check network tab and I check the url it is hitting and it is hitting below

https://login.microsoftonline.com/common/discovery/instance?api-version=1.0&authorization_endpoint=https://my-tenatnt-name.b2clogin.com/tenant-id/oauth2/authrespmy-tenant-name.b2clogin.com/b2c_1_signinsignupusername/oauth2/v2.0/authorize

I tried removing https from instance and hit it like this

//mytenant.b2clogin.com/tenant-id/oauth2/authresp

it throws error as Uncaught AuthorityUriInsecure

Error

I think it is going to wrong place

like image 736
manish thakur Avatar asked Aug 25 '20 06:08

manish thakur


Video Answer


1 Answers

Your coordinates for the b2c instance are not correct (see note). You can find more details: https://docs.microsoft.com/en-us/azure/active-directory-b2c/b2clogin

If you like you can use this sample, which shows how to use B2C policy from React application using oidc-client.js library. By default it is configured to use PKCE but you can configure it to use implicit flow instead if needed (not recommended).

Complete instructions provided in the git repo but here is the high level overview.

  • You need to first create application in b2c along with the policy (not shown). You should add two redirect uris -- https://localhost:3000 and https://localhost:3000/callback.html

enter image description here

  • You can also add permissions in case you like to receive an access_token in addition to the id_token.

enter image description here

  • Your manifest should look similar to:
{
    "id": "443ca8db-7bd1-4ebd-9671-ce94e006a18a",
    "acceptMappedClaims": null,
    "accessTokenAcceptedVersion": 2,
    "addIns": [],
    "allowPublicClient": null,
    "appId": "50d2c416-a5ad-4c5c-b36a-0d1ac5b48167",
    "appRoles": [],
    "oauth2AllowUrlPathMatching": false,
    "createdDateTime": "2020-09-02T00:11:35Z",
    "groupMembershipClaims": null,
    "identifierUris": [],
    "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
    },
    "keyCredentials": [],
    "knownClientApplications": [],
    "logoUrl": null,
    "logoutUrl": null,
    "name": "OIDC-Test-APP",
    "oauth2AllowIdTokenImplicitFlow": false,
    "oauth2AllowImplicitFlow": false,
    "oauth2Permissions": [],
    "oauth2RequirePostResponse": false,
    "optionalClaims": null,
    "orgRestrictions": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "preAuthorizedApplications": [],
    "publisherDomain": "contoso.onmicrosoft.com",
    "replyUrlsWithType": [
        {
            "url": "http://localhost:3000/signin-callback.html",
            "type": "Spa"
        },
        {
            "url": "http://localhost:3000/",
            "type": "Spa"
        }
    ],
    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "37f7f235-527c-4136-accd-4a02d197296e",
                    "type": "Scope"
                },
                {
                    "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
                    "type": "Scope"
                }
            ]
        },
        {
            "resourceAppId": "18ac2afe-2c1f-4ea8-8d63-14dd50ee4f85",
            "resourceAccess": [
                {
                    "id": "d5515006-5646-4398-ad59-fffc357f3423",
                    "type": "Scope"
                }
            ]
        }
    ],
    "samlMetadataUrl": null,
    "signInUrl": null,
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null
}
  • Clone the repo and update the settings present inside AuthSettings.ts to match your tenant. You must update client_id and contoso which is the tenant name.
const settings = {

      // This is  the metadata endpoint
      authority: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_signup_signin',
      
      // Turn off calls to user info since CORS will block it
      loadUserInfo: false, 

      // The URL where the Web UI receives the login result
      redirect_uri: 'http://localhost:3000/signin-callback.html',

      // The no longer recommended implicit flow must be used if CORS is disabled
      // If you want to use impicit flow use id_token instead of code for the return type.
      response_type: 'code',

      // Other OAuth settings
      client_id: '18ac2afe-2c1f-4ea8-8d63-14dd50ee4f85',
      
      // openid is required, remove https://contoso.onmicrosoft.com/test/Read if access_token is not required.
      scope: 'openid https://contoso.onmicrosoft.com/test/Read', 
       // Supply these details explicitly. Directly copied from azure ad b2c policy metadata endpoint.
       metadata: {
        issuer: 'https://contoso.b2clogin.com/9859cd0c-9d99-4683-abcc-87462f67a0bc/v2.0/',
        authorization_endpoint: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1a_signup_signin',
        token_endpoint: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1a_signup_signin',
        jwks_uri : 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1a_signup_signin',
        end_session_endpoint: "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1a_signup_signin&post_logout_redirect_uri=http%3A%2F%2Flocalhost:3000%2F"

    },

  } as UserManagerSettings;
  • Build and run the app using yarn or npm

  • Application will launch by default on http://localhost:3000

enter image description here

  • Click Login and it should take you to the b2c policy to complete the journey.

enter image description here

  • After you complete the journey in the b2c policy you will be redirected back to the application.

enter image description here

like image 97
Razi Avatar answered Sep 21 '22 15:09

Razi