Having error when trying to get silent session refresh token - azure-ad-b2c-custom-policy

when trying to access token from my application on azure b2c i get this error:
error=interaction_required&error_description=AADB2C90077%3a+User+does+not+have+an+existing+session+and+request+prompt+parameter+has+a+value+of+%27None%27
the scope is properly configured. please assistance is needed

Related

Firebase Auth with Azure SAML SSO

I've already been able to get a SAML SSO up and running perfectly using this article.
However, when I try to replicate the steps using Azure as the IDP, I get the following error:
FirebaseError: Firebase: SAML Response <Issuer> mismatch. (auth/invalid-credential).
I don't know why more info isn't provided in the error, but it's left me without a lot of options for how to fix it.
I'm setting up Azure using a non-gallery Enterprise App, assigning a user to the app, and attempting to sign in on the Firebase app using the SAMLAuthProvider and signInWithPopup (as outlined in the article). Here's what the SSO configuration screens look like for both Azure and Google Cloud Identity
Configuration Screens
Azure AD is the IDP, and "Firebase" is the SP, so it looks like you have some of the values misconfigured.
The error FirebaseError: Firebase: SAML Response <Issuer> mismatch. should be referring to the Entity IDs not matching.
Start with making these 2 changes. You'll have to determine your SP Entity ID, it's likely your app's URL
https://ibb.co/rk24hKN

Azure Managed Identity: DefaultAzureCredential: Regional Cache Auth Service token requests for flows that require encrypted tokens are forbidden

I have a C# / .NET Core Azure Function with a system managed identity. I want to use this identity to get a token to interact with another service. For this I use DefaultAzureCredential -> GetTokenAsync from Azure.Identity.
But when I try that I get the following error:
ManagedIdentityCredential authentication failed: Service request
failed.\nStatus: 400 (Bad
Request)\n\nContent:\n{"exceptionMessage":"AADSTS100009: Regional
Cache Auth Service token requests for flows that require encrypted
tokens are forbidden."
Why is this happening and how can I resolve this issue?
Thanks
For some reason (maybe someone can explain why) after removing .default from the scope it worked.

Azure Active Directory API - EC001 Claims Missing

I have to call an API hosted (not by me) on an app on AAD. I can get the bearer access jwt token via the C# library IdentityModel and if I parse it I can see all claims in place (meaning the "Claims" property in the "JwtSecurityToken" object).
Then I try to call the API passing the bearer and I get a 401 Unathorized - EC001 claims missing.
I can't get why that is, can't find any doc about it and I can't understand whether it's my fault or might be due to the app config on AAD.
Could someone help me about it?
Thank you
The error might be occurring because of the App configuration on Azure Active Directory.
The API might require some claims which might be missing in your JWT token.
For example,
• roles and wids claims to validate that the user themselves has authorization to call the API
• aud claim to ensure that the user intended to call your application
• scp claim to validate that the user has granted the calling app permission to call your API
• appid claim to ensure that the calling client is allowed to call the API
Please refer the below document for more information :
https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens

Unable to get access token using Resource Owner Password Credential flow

I would like to implement Password Credentials flow in ASP Net Core. The idea is we created a service account (user#{tenant}.onmicrosoft.com) with Global Administrator role where this will read information on users behalf.
I also created app in app registration page and resource owner user flow as mentioned here.
By following the instructions in this document to test my created ROPC, I encountered the error as shown in the screenshot below.
The application is created in the Azure AD B2C -> App Registrations and I don't know why my ROPC is not working.
I really appreciate your response. Thank you.
Make sure you have registered the application as mentioned in the document and the account type should be "Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C.".
For Testing Use the below Url and check the screenshot on how to pass the parameters
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1_ROPC_Auth/oauth2/v2.0/token

Cognito User Pool - Are refresh tokens tied to client ID?

While doing some cross-team work the other day attempting to get an API endpoint in place to facilitate the use of refresh tokens, I was a bit stumped as to why I was getting an "Invalid Refresh Token" error back when I would try the InitiateAuth or AdminInitiateAuth actions when attempting to use the REFRESH_TOKEN or REFRESH_TOKEN_AUTH flows.
In the .NET API we are transitioning over to Cognito, I was using one Client ID. We were also using another client ID for a starter project that we could hit to get JWTs back. From what I can tell, the Client ID is tied to the refresh token, which is why I was getting the invalid token error.
Can anyone confirm that has a bit more experience?
You are correct, it is tied to a client id.
Source: I work on the Cognito team.