Global exception page is not being rendered for ADB2C for exceptions instead the login page is rendered. Find a way to render custom error page - azure-ad-b2c

I am using the azureadb2c integration. On the customised login page, which uses a third-party login just like Google or FB, after successfully entering the user name and password we have a consent page. When the user accepts the consent it redirects to our Home page, but when the user does not give consent, by default it takes the user to the login page. What I want to do is, instead of taking the user to the login page, redirect them to a custom error page. I have gone through various answers here for handling this using an additional orchestration step, but none worked.
Last, I found that api.error should handle all unhandled exceptions, but I don't know why it is being ignored and the login screen is shown.
This is the exception that I found in Application Insight:
"Exception": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "An invalid response was received : 'Error: access_denied,Error Description: ConsentNotGiven'",
"Data": {
"IsPolicySpecificError": false
}
This is my api.error Content Definition. I tried replacing the LoadUri and tested it in the Network tab of the Google debug console, but I can't see even that particular URL getting hit.
<ContentDefinition Id="api.error">
    <LoadUri>~/tenant/templates/AzureBlue/exception.cshtml</LoadUri>
    <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1</DataUri>
    <Metadata>
        <Item Key="DisplayName">Error page</Item>
    </Metadata>
</ContentDefinition>
It will be helpful if someone can show how I can get this page rendered on every exception. Thanks

The way I do this is to use a paragraph.

I tried multiple solutions to get the api.error page working but I wasn't able to accomplish the task. My major aim was to render the custom error page whenever the user clicks the cancel or not-giving-consent button, which was throwing an exception with the above code: AADB2C90273
Finally I got the solution, which was to edit the Startup file and hook the event that gets triggered when the exception is raised in ADB2C.
The project being in .NET Core 3.1, it was quite difficult to find the way to set up OpenIdConnectOptions with AzureADB2C events, as we weren't able to find any documentation related to it.
I added the below code in the Startup.cs file in the ConfigureServices method:
// Requires: using System.Threading.Tasks;
//           using Microsoft.AspNetCore.Authentication.OpenIdConnect;
services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"))
    .Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // Fires for every message B2C posts back to the redirect URI, before the
        // handler tries to process it as an authentication response.
        options.Events.OnMessageReceived = (context) =>
        {
            // B2C prefixes error_description with the error code, so a prefix
            // match on AADB2C90273 (consent not given) is sufficient.
            if (!string.IsNullOrEmpty(context.ProtocolMessage.Error) &&
                !string.IsNullOrEmpty(context.ProtocolMessage.ErrorDescription) &&
                context.ProtocolMessage.ErrorDescription.StartsWith("AADB2C90273"))
            {
                // Fixed local path: nothing from the B2C response is reflected.
                context.Response.Redirect("/Home/Error");
                // Mark the response as handled so the middleware does not go on
                // to treat the error as a failed sign-in.
                context.HandleResponse();
            }
            return Task.CompletedTask;
        };
    });
where Configuration.GetSection("AzureAdB2C") is used to get the properties defined in the JSON file, and OnMessageReceived was the event that was getting triggered when ADB2C had an exception. I redirected it to the custom error page that I created.
I hope this helps someone.
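A more general form of the handler from the answer above, written here as an added example rather than the poster's own code: it maps the AADB2C90273 code from this thread and the AADB2C90157 code mentioned in the password-reset question below to fixed local pages, logs the full description server-side and never reflects it to the user. The routes /Home/Error and /Home/TooManyAttempts, the logger category and the extension method name are assumptions.

```csharp
// Added example (not the original poster's code); the /Home/* routes are assumed (hypothetical).
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class B2cErrorRedirects
{
    // B2C prefixes error_description with its error code ("AADB2C90273: ..."),
    // so the code is matched, not the free text. Targets are fixed local paths, so
    // nothing from the response B2C posts back is reflected to the browser.
    private static readonly IReadOnlyDictionary<string, string> CodeToPage =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            ["AADB2C90273"] = "/Home/Error",            // consent not given (this thread)
            ["AADB2C90157"] = "/Home/TooManyAttempts",  // max retries reached (password reset)
        };

    // Page for an error_description; unknown or missing codes get the generic page.
    public static string PageFor(string errorDescription)
    {
        const string fallback = "/Home/Error";
        if (string.IsNullOrEmpty(errorDescription)) return fallback;
        var code = errorDescription.Split(':', 2)[0].Trim();
        return CodeToPage.TryGetValue(code, out var page) ? page : fallback;
    }

    public static IServiceCollection AddB2cErrorRedirects(this IServiceCollection services)
    {
        return services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Events.OnMessageReceived = context =>
            {
                // Normal code/token responses carry no "error" and continue to the handler.
                if (string.IsNullOrEmpty(context.ProtocolMessage.Error)) return Task.CompletedTask;
                // Keep the full description in the server log; the user sees only the fixed page.
                context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>()
                    .CreateLogger("AzureAdB2C")
                    .LogWarning("B2C returned {Error}: {Description}",
                        context.ProtocolMessage.Error, context.ProtocolMessage.ErrorDescription);
                context.Response.Redirect(PageFor(context.ProtocolMessage.ErrorDescription));
                context.HandleResponse(); // the handler must not treat this as a failed sign-in
                return Task.CompletedTask;
            };
        });
    }
}
```

Call services.AddB2cErrorRedirects() in ConfigureServices after the AzureAdB2C section has been bound, as in the answer above.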

Related

Account linking returns errors

I am facing an issue with account linking in the Google Actions console. What should the parameters in the https://oauth-redirect.googleusercontent.com URL be for successful account linking and redirecting me back to the simulator?
Firstly, I used Auth0 for account linking. It was successful via the simulator, i.e. it opened the Auth0 login page where I logged in, showed me "Account Linking Successful" and redirected me back to the Google simulator page for further testing. But when I used my website for authentication, it returns an error while account linking.
https://oauth-redirect.googleusercontent.com/r/airpurifier-dlfvrq?state=MY_STATE&access_token=KkvQ85d36b1ebcf0cea06a5148236tdVEp&token_type=bearer
returns the error message "The parameter "code" or "error" must be set in the query string".
When I intentionally add
https://oauth-redirect.googleusercontent.com/r/airpurifier-dlfvrq?state=MY_STATE&access_token=KkvQ85d36b1ebcf0cea06a5148236tdVEp&token_type=bearer&code=200
An error occurred in returning the result.
I have followed the entire documentation from https://developers.google.com/actions/identity/oauth2
Any help will be appreciated. Thanks.
As per the documentation the return URL should be in below format:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
Notice that you are using "?" after the project ID, which should be "#". Change it and try. It should work.

Password Reset User Flow Account Doesn't Exist Error

I have a User Flow for Password Reset set up with Email Verification. When I verify an email account that doesn't exist in our AD group, there's an error:
The error "An Account Could Not Be Found for this user ID" appears.
Hitting 'Continue' causes a "Please wait while we process your information" message.
Hitting Continue again a few times seems to take me to an error URL like: B2C_1_ResetPassword/api/SelfAsserted/error?code=UX012 ... max retries reached
I have a hacky fix of sorts that, when the error message is present, binds clicking Continue to disabling the Continue button.
<script>
$("#continue").click(function () {
    // Look for the server-side "account could not be found" validation message.
    var claimVerification = $('#claimVerificationServerError:contains("account could not be found for the provided user")');
    if (claimVerification.length > 0) {
        $("#continue").prop("disabled", true);
    }
});
</script>
I have to have the "Enable JavaScript enforcing page layout (preview)" option turned on for this to sort of work, though.
Is there a more correct solution to this issue?
As I tested with our default experiences as well as the currently available templates, it doesn't seem like "Please wait while we process your information" will ever display persistently. Can you check that your CSS is not adding additional properties to the element used for displaying that message?
For the second scenario, it is for now by design to redirect to your client, where you can set up certain logic to handle the error code "AADB2C90157" we return in the URL.

Fetching a public page's posts doesn't work while it works in other pages

For a project, I need to get some public pages' posts.
I have 105 pages I need to get posts from, and my program works fine with most of them, but not with one.
When I use my app's access token it gets me what I want, except when trying to get posts from one page, "Yaakov.Perry".
When I send a request to this page, the server sends me this error:
"error": {
"message": "Unsupported get request. Object with ID 'Yaakov.Perry' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
Also, while my app's access token works for every page except this one, the access code that the Graph API Explorer generates works for every one (including it).
Does anyone know why this problem happens and how to fix it?

Xamarin Forms - Close view after successful login with Azure AD

I'm successfully logging in my Xamarin Forms application with Azure AD.
The problem is that when I'm logged in through the webview opened by default with:
user = await AuthenticationManager.DefaultManager.CurrentClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, true);
The created webview shows a message telling me that I'm logged in, but I don't know how to close this view after that.
Is there an event I can use, or am I doing something wrong and the webview is supposed to close itself upon complete authentication?
EDIT:
I changed my call to:
user = await AuthenticationManager.DefaultManager.CurrentClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, false);
Because I didn't give an SID, this being a Xamarin Forms project.
The result is that the window closes now, but I get an InvalidOperationException with the message:
Invalid format of the authentication response.
Any idea about the format I should give? I don't see what I could change to be able to get the user connected.
Just leave off the true/false on the end.
For more information on authentication, see chapter 2 of http://aka.ms/zumobook

Modx manager custom page check if user is logged in and has manager access

I am developing a MODX manager custom page and cannot check if the user is logged in and has access to the manager. So far I tried
$modx->user->get('username');
All I get is (anonymous), both when I am logged in and when I am not. I have also tried the session context etc. as well. Am I doing something wrong? Did anyone face the same issue?
You need a custom snippet to manage showing things for people who are logged in or not, and the Login Extra to easily access user fields. Then paste this in and call it isAdmin:
<?php
// Snippet "isAdmin": true only when the current user is authenticated in the manager ('mgr') context.
if ($modx->user instanceof modUser) {
    if ($modx->user->hasSessionContext('mgr')) {
        return true;
    }
}
return false;
And then you want to use it like this...
[[!isAdmin:notempty=`
<!-- Do something for people logged in -->
`:default=`
<!-- Do something for everyone else -->
`]]
Code is from Mark Hamstra's blog.