Missing access_token in callback with OIDC using Azure AD B2C


Kamahaem Roberts

May 4, 2021, 6:32:28 AM
to Pac4j users mailing list
Hi team,

Has anyone had any experience with integrating pac4j with Azure AD B2C using OIDC?

I have tested a sample app with Google, Cognito, Azure AD. Really simple.

When I try to integrate with Azure AD B2C I receive...

com.nimbusds.oauth2.sdk.ParseException: Missing JSON object member with key "access_token"

This is after authenticating, during the callback.

I've set up a web app in Azure AD B2C with both Access and ID tokens selected.

I've used pretty much the default configuration, setting client id, secret and discovery URL, and used the standard OIDC client, as the Azure AD one has hard-coded onmicrosoft references which definitely won't work with B2C as the root URL is different.

Any advice would be greatly appreciated!

Regards,

Marty

Jérôme LELEU

May 4, 2021, 8:01:07 AM
to Kamahaem Roberts, Pac4j users mailing list
Hi,

If you don't get an access_token, I guess you may receive an error message instead.
Can you see the received JSON body (DEBUG logs on org.pac4j)?
Thanks.
Best regards,
Jérôme


--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/78ce243e-e2a3-4dd0-9570-8678fe4a17cdn%40googlegroups.com.

Kamahaem Roberts

May 11, 2021, 5:49:32 AM
to Pac4j users mailing list
Hi Jérôme,

I got some help today from a fellow dev and managed to work out that the scope wasn't being sent to the token API as required in the Azure AD B2C documentation...


We hacked it in to get it working by literally adding the scope to the end of the token API request. Without it, Azure returns an idp_access_token instead of an access_token.

Do you know if there is a better way to implement sending scope with the token request?

Regards,

Marty

Jérôme LELEU

May 12, 2021, 5:10:22 AM
to Kamahaem Roberts, Pac4j users mailing list
Hi,

We can certainly do things in a better way.
What did you change? The tokenRequest in the OidcAuthenticator?
Thanks.
Best regards,
Jérôme



Kamahaem Roberts

May 12, 2021, 6:54:49 AM
to Pac4j users mailing list
Hi Jérôme,

Thank you very much for responding; however, we think we worked out the issue, and it's nothing to do with Pac4j. We are new to OIDC and learning. There are a few layers in our stack including Pac4j, Apache Shiro, AWS Cognito and Azure AD B2C! We just needed to read https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens properly and apply the correct scope. No need to hack anything in.

The Pac4j team are doing an awesome job. Thank you!!!

Regards,

Marty
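The thread ends on two practical points: the scope has to travel with the token request, and a client that gets an id_token back without an access_token should fail with a message that says where to look rather than a bare "missing JSON object member". The following Python is an added example written for this thread; it is not pac4j, Nimbus or Azure AD B2C code, and the client values (contoso.onmicrosoft.com, the callback URL, the placeholder JWT strings) and all sample responses are constructed for the example, not captured from B2C.

```python
"""OIDC authorization-code token exchange: request with scope, strict response check.

Added example for the mailing-list thread above; not pac4j, Nimbus or Azure AD
B2C code. Client values and sample token responses are constructed.
"""
import json
from urllib.parse import urlencode


class TokenResponseError(Exception):
    """Token response does not meet RFC 6749 section 5.1 / OIDC Core 3.1.3.3."""


def build_token_request(code, redirect_uri, client_id, client_secret, scope):
    """Return the form-encoded body of an authorization_code token request.

    RFC 6749 does not list "scope" among this grant's parameters, so a generic
    client may leave it out; this one always sends it so the server knows which
    resource scopes the access token should cover.
    """
    if "openid" not in scope.split():
        raise ValueError('scope must contain "openid" for an OIDC login')
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })


def parse_token_response(body, requested_scope):
    """Validate a JSON token response and return the parsed object.

    Checks: JSON shape, error response, required access_token and token_type,
    id_token present because openid was requested, and which requested scopes
    the server did not grant (returned under the extra key "missing_scope").
    """
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise TokenResponseError(f"token response is not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("token response is not a JSON object")
    if "error" in data:
        raise TokenResponseError(
            f"server returned error {data['error']!r}: {data.get('error_description', '')}")
    if "access_token" not in data:
        hint = ""
        if "id_token" in data:
            # The login itself succeeded; only the access token is absent. The
            # usual cause is a token request whose scope named no resource.
            hint = (" (an id_token came back without an access_token: check that "
                    "the scope sent to the token endpoint names a resource the "
                    "client may access, not only openid/profile)")
        raise TokenResponseError('missing "access_token"' + hint)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenResponseError(f"unexpected token_type {data.get('token_type')!r}")
    requested = set(requested_scope.split())
    if "openid" in requested and "id_token" not in data:
        raise TokenResponseError('missing "id_token" although openid was requested')
    # RFC 6749 5.1: "scope" may be omitted when identical to the request. Some
    # servers do not echo "openid" itself, so it is not counted as missing.
    granted = set(str(data.get("scope", requested_scope)).split())
    data["missing_scope"] = sorted(requested - granted - {"openid"})
    return data


def describe_response(body, requested_scope):
    """One-line verdict for a log: "ok", "ok (not granted: ...)" or the error text."""
    try:
        data = parse_token_response(body, requested_scope)
    except TokenResponseError as exc:
        return str(exc)
    if data["missing_scope"]:
        return "ok (not granted: " + " ".join(data["missing_scope"]) + ")"
    return "ok"


# Constructed values for the example (hypothetical tenant, API scope and tokens).
REQUESTED_SCOPE = "openid profile https://contoso.onmicrosoft.com/api/read"
ID_TOKEN_ONLY = json.dumps({"id_token": "eyJhbGci.id.sig"})
FULL_RESPONSE = json.dumps({
    "access_token": "eyJhbGci.at.sig", "token_type": "Bearer", "expires_in": 3600,
    "id_token": "eyJhbGci.id.sig",
    "scope": "https://contoso.onmicrosoft.com/api/read profile"})
PARTIAL_RESPONSE = json.dumps({
    "access_token": "eyJhbGci.at.sig", "token_type": "Bearer", "expires_in": 3600,
    "id_token": "eyJhbGci.id.sig", "scope": "profile"})
ERROR_RESPONSE = json.dumps({"error": "invalid_grant",
                             "error_description": "code already redeemed"})

if __name__ == "__main__":
    print(build_token_request("code123", "https://app.example/callback",
                              "cid", "secret", REQUESTED_SCOPE))
    for name, body in [("id_token only", ID_TOKEN_ONLY), ("full", FULL_RESPONSE),
                       ("partial", PARTIAL_RESPONSE), ("error", ERROR_RESPONSE)]:
        print(f"{name}: {describe_response(body, REQUESTED_SCOPE)}")
```

The id_token-only sample reproduces the situation in the first post: the authentication worked, but the response carries nothing the client can present to an API, and the error now names the scope as the first thing to check. The partial sample shows the other silent failure mode, where an access token is issued but not for the resource the client asked for; comparing the echoed scope with the request catches it before the first API call fails with 401.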