Azure AD B2C Microsoft帐户redirect_uri失败 [英] Azure AD B2C Microsoft Account redirect_uri failure

问题描述

我无法在AspNet Core 2.1网站上获得Microsoft帐户身份验证，但我无法使用Google身份验证.

I'm unable to get Microsoft Account authentication to work on an AspNet Core 2.1 website (I have Google authentication working).

当我从社交登录页面上单击"Microsoft帐户"按钮时，最终我进入了技术问题"错误页面.我的网络浏览器是Windows 10下的Google Chrome最新更新.

When I click on the Microsoft Account button from the social sign in page, I eventually land on a "technical problems" error page. My web browser is Google Chrome, under Windows 10, latest updates.

为了诊断正在发生的事情，我安装了LinkResearchTools链接重定向跟踪，以尝试并遵循最终使我进入该错误页面的重定向.我不确定这是调试/跟踪正在发生的事情的最佳方法，但这就是我能想到的一切.

In an attempt to diagnose what's going on, I installed LinkResearchTools Link Redirect Trace to try and follow the redirects that ultimately landed me on that error page. I'm not sure that's the best way to debug/trace what's happening, but it's all I could think of.

点击网站标题中的登录"链接，第一个重定向为:

Clicking the Sign In link in the header of the website, the first redirect is:

那将我带到社交登录"页面，在这里我可以选择Google(有效)或MicrosoftAccount(无效).

That takes me to a "social signin" page, where I can choose either Google (which works) or MicrosoftAccount (which doesn't).

下一个重定向是:

HTTPS://登录.live.com/oauth20_authorize.srf?client_id = 704398a8-908a-4512-9cc0-4453014b4714& redirect_uri = https％3a％2f％2fridemonitor.b2clogin.com％2fridemonitor.onmicrosoft.com％2foauth2％2fauthresp& response_type = +的OpenID轮廓+电子邮件&安培; response_mode = form_post&安培;随机数= OVJptuLcHfkYUCTk36vO6g％3D％3D&安培;状态= StateProperties％3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTU1MDdhMzYtMmJjYy00Y2Y4LWFlNGEtNmVjY2VkNjU0MWZkIiwiVElEIjoiNDkwNTEwYTctNDAwYy00MjI3LThlODMtNmRhOTU xZTQyMmI1In0

然后将我重定向到:

https://login.live.com/oauth20_desktop .SRF '+或+ A + URL +其中+比赛的+ + +重定向URI +注册+为这个客户端+ +应用程序&安培;状态= StateProperties％3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTU1MDdhMzYtMmJjYy00Y2Y4LWFlNGEtNmVjY2VkNjU0MWZkIiwiVElEIjoiNDkwNTEwYTctNDAwYy00MjI3LThlODMtNmRhOTUxZTQyMmI1In0

https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTU1MDdhMzYtMmJjYy00Y2Y4LWFlNGEtNmVjY2VkNjU0MWZkIiwiVElEIjoiNDkwNTEwYTctNDAwYy00MjI3LThlODMtNmRhOTUxZTQyMmI1In0

显示错误页面.

请注意，埋在最后一个链接中的是错误描述字段(由于某些原因，它不会显示在错误页面上).如果我正确地解释了它，则表示我与Azure门户网站，我的网站应用程序或两者中设置的redirect_uri不匹配.

Note that, buried in the final link, is an error description field (which for some reason doesn't get displayed on the error page). If I'm interpreting it correctly, it's saying I have a mismatch with the redirect_uri set in either the Azure portal, my website app, or both.

但是我认为重定向设置是一致的:

Yet I think the redirects are set consistently:

• 网站应用，通过appsettings.json:"RedirectUri": " https://localhost:44305/signin-oidc "
• Azure门户，通过应用程序 属性回复网址: https://localhost:44305/signin-oidc

• website app, via appsettings.json: "RedirectUri": "https://localhost:44305/signin-oidc"
• Azure portal, via app properties reply url: https://localhost:44305/signin-oidc

因此，我显然在某处缺少某些东西.有想法吗?

So I'm obviously missing something somewhere. Thoughts?

推荐答案

如，您必须注册以下重定向URL与Microsoft身份提供商一起使用:

As described by the "Set up sign-up and sign-in with a Microsoft account using Azure Active Directory B2C" article, you must register the following redirect URL with the Microsoft identity provider:

https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

此重定向URL从Azure AD B2C发送到Microsoft身份提供程序，以在Microsoft登录后返回到Azure AD B2C.

It is this redirect URL that is sent from Azure AD B2C to the Microsoft identity provider to return to Azure AD B2C after the Microsoft sign-in.

这篇关于Azure AD B2C Microsoft帐户redirect_uri失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！