Logging calls to the Identity Provider when using custom policies in Azure AD B2C

Problem description

I'm trying to integrate a custom OpenID Connect Identity Provider in Azure AD B2C using custom policies. However, after being redirected back from the IdP with an authorization code, the custom user flow fails with the following error (using MSAL.js):

login failure {"_error":"server_error","_errorDesc":"AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.\r\nCorrelation ID: 97809cc4-04e8-47a3-9263-de57260e7979\r\nTimestamp: 2019-07-18 15:47:32Z\r\n","_scopes":""}

I've enabled logging to Application Insights, but the only thing relevant I could find was:

{
  "Kind": "HandlerResult",
  "Content": {
    "Result": true,
    "RecorderRecord": {
      "Values": [
        {
          "Key": "SendErrorTechnicalProfile",
          "Value": "OAuth2ProtocolProvider"
        },
        {
          "Key": "Exception",
          "Value": {
            "Kind": "Handled",
            "HResult": "80131500",
            "Message": "We encountered an error connecting to the identity provider. Please try again later.",
            "Data": {
              "IsPolicySpecificError": false
            }
          }
        }
      ]
    },
    "Statebag": {
      "SE": {
        "c": "2019-07-18T13:46:21.1438143Z",
        "k": "SE",
        "v": "",
        "p": true
      }
    }
  }
}

Is there a way to log the actual network calls made to the Idp to see what is wrong? The Idp is not under my control, so I cannot log them there.

Recommended answer

While I didn't find a way to log more info, I was able to solve my issue by using a reverse proxy to intercept all calls to the external IdP. This revealed that b2c was using client_secret_post to fetch the access token, while the IdP only supported client_secret_basic.
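The mismatch the answer found can be recognised directly in what a proxy in front of the token endpoint captures. The following added example (not from the original post or from B2C) classifies a captured token request by its client authentication method and shows the rewrite a compatibility proxy would apply to turn a client_secret_post request into client_secret_basic; the two sample requests, the client id and the secret are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode

# Constructed token-endpoint requests, modelled on what a reverse proxy in
# front of the IdP would capture. Credentials are placeholders, not real.
REDIRECT = "https%3A%2F%2Fexample.invalid%2Fcb"
POST_STYLE = {  # what B2C sent: client_secret_post (credentials in the form body)
    "headers": {"Content-Type": "application/x-www-form-urlencoded"},
    "body": "grant_type=authorization_code&code=CODE123&redirect_uri=" + REDIRECT
            + "&client_id=my-client&client_secret=s3cret",
}
BASIC_STYLE = {  # what the IdP accepted: client_secret_basic (HTTP Basic header)
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(b"my-client:s3cret").decode(),
    },
    "body": "grant_type=authorization_code&code=CODE123&redirect_uri=" + REDIRECT,
}


def client_auth_method(req):
    """Classify how a captured token request authenticates the client (RFC 6749 2.3.1)."""
    if req["headers"].get("Authorization", "").startswith("Basic "):
        return "client_secret_basic"
    if "client_secret" in parse_qs(req["body"]):
        return "client_secret_post"
    return "none"


def to_client_secret_basic(req):
    """Rewrite a client_secret_post request as client_secret_basic: move the
    client credentials from the form body into an HTTP Basic header, each part
    form-urlencoded before base64 as RFC 6749 requires. This is the translation
    a compatibility proxy between B2C and the IdP would perform; nothing else
    in the request is touched."""
    form = parse_qs(req["body"], keep_blank_values=True)
    client_id = form.pop("client_id", [""])[0]
    secret = form.pop("client_secret", [""])[0]
    cred = quote(client_id, safe="") + ":" + quote(secret, safe="")
    headers = dict(req["headers"])
    headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    return {"headers": headers, "body": urlencode(form, doseq=True)}


if __name__ == "__main__":
    for name, req in (("as sent by B2C", POST_STYLE),
                      ("after rewrite", to_client_secret_basic(POST_STYLE))):
        print(f"{name}: {client_auth_method(req)}")
```

The rewrite is only a diagnostic aid; the real fix is to make B2C send the method the IdP supports, which the OpenIdConnect technical profile selects through its token_endpoint_auth_method metadata item (values client_secret_post and client_secret_basic, as far as the author of this example is aware).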

10-31 20:21