adb2c authentication in azure chatbot

Question

adb2c authentication in azure chatbot

Atul Kumar 0

I am struggling to integrate adb2c authentication in azure chatbot. adb2c custom policies are working fine but when i use that in chatbot authentication it gives scope issue.

Any one has any experience in this area?

{
  "message": "Login failed",
  "statusCode": 400,
  "responseBody": "{\"error\":\"invalid_grant\",\"error_description\":\"AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again.\\r\\nCorrelation ID: 07c9103e-11fe-4a3b-9272-ce72a5113aa5\\r\\nTimestamp: 2024-07-23 09:40:36Z\\r\\n\"}"
}

1 answer

Your answer

Answer 1

Hello Atul !

Thank you for posting on Microsoft Learn.

From the error you are getting, I think that you have an issue with the token exchange process failing and it can be due to scope misconfiguration or incorrect token request format.

Chatbots use OAuth 2.0 behind the scenes with an AAD B2C connection set in the Bot Channel Registration, so if you're using custom policies, the scope you use must match the scope configured in the Azure AD B2C app registration.

The scope shoul be set to:

<client_id>

or:

https://<tenant>.onmicrosoft.com/<custom-api>/user_impersonation

You need to avoid using the offline_access or openid scope unless required and supported.

Another thing to be aware of, is that the token endpoint must match the custom policy in the OAuth Connection Settings:

https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1A_signup_signin/oauth2/v2.0/token

Sometimes the custom policy XML does not pass client_id or misses required output claims for token issuance so the RelyingParty section in the policy returns the correct claims, like sub, email...

These steps will help you investigate the issue, but if the problem still persists I recommend that you open a support ticket for better assistance.

Share via

adb2c authentication in azure chatbot

1 answer

Your answer