How to add Azure B2C to Squidex

I have a Customer Policy Login on Azure AD B2C like:

 "issuer": "https://mytenant.b2clogin.com/7d73c792-46b8-402b-b77f-38ce079a3dd7/v2.0/",
  "authorization_endpoint": "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1a_signup_signin",
  "token_endpoint": "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1a_signup_signin",
  "end_session_endpoint": "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1a_signup_signin",
  "jwks_uri": "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1a_signup_signin",

How can I add this login policy to Squidex?

I have tried:

  1. Add this config to Configuration:
[
    {
        "name": "IDENTITY__oidcAuthority",
        "value": "https://login.microsoftonline.com/my_tenant_name/v2.0"
    },
    {
        "name": "IDENTITY__oidcClient",
        "value": "9bf5bf5c-320...."
    },
    {
        "name": "IDENTITY__oidcSecret",
        "value": "1LE8Q..."
    }
]

Add Authentication Provider

My application Setting:


Environment

App Name:

  • [ ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [x] Cloud version

Version:

Docker image: squidex/squidex:dev-6913

Browser:

  • [x] Chrome Version 102.0.5005.115 (Official Build) (64-bit)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:

What exactly is the question?

How can I add this Azure AD B2C policy login to Squidex? @Sebastian

I did a few things but it's not working.

I will have a look, but I need concrete errors or so to help. I cannot provide detailed instructions or test all kind of integrations myself.

I got it working.

These are the settings I made:

IDENTITY_OIDCAUTHORITY

https://login.microsoftonline.com/{tenantId}/v2.0

from

IDENTITY__OIDCRESPONSETYPE

Code

IDENTITY__OIDCCLIENT

from

IDENTITY__SECRET

from

Redirect URI

https://<YOUR_DOMAIN>/signin-oidc

@Sebastian
I get error:

Check the logs … I cannot see what is going wrong.

I think I got the same error.

I have an SSO (Azure AD B2C). I want to log in with my own SSO. And I want to manage user data in both Squidex and my own identity server.

The redirect URL is without identity-server since a while ago.

What do you mean?
Currently I can configure Squidex to use the Azure B2C login page, but after login I get the result as

You can test it: https://testsquid.dynatex.io/

Please check your logs. Internal errors (500) should produce a log output.

It does not help if you send me the same screenshot multiple times. It does not provide any information.

Btw. I can login with the link you have sent above.

I got the same error here: Login through External Authorization Server

Nothing logs:

Please search in the logs for any errors, search for error or exception or something like this.


2022-06-29T06:40:26.074384455Z {
2022-06-29T06:40:26.074434758Z   "logLevel": "Error",
2022-06-29T06:40:26.074442859Z   "message": "An unhandled exception has occurred while executing the request.",
2022-06-29T06:40:26.074447859Z   "eventId": {
2022-06-29T06:40:26.074452259Z     "id": 1,
2022-06-29T06:40:26.074456660Z     "name": "UnhandledException"
2022-06-29T06:40:26.074461460Z   },
2022-06-29T06:40:26.074465760Z   "timestamp": "2022-06-29T06:40:26Z",
2022-06-29T06:40:26.074470360Z   "app": {
2022-06-29T06:40:26.074474561Z     "name": "Squidex",
2022-06-29T06:40:26.076100155Z     "version": "5.0.0.0",
2022-06-29T06:40:26.076116156Z     "sessionId": "0fb754ef-2517-4724-bc98-085c323675f0"
2022-06-29T06:40:26.076121456Z   },
2022-06-29T06:40:26.076125457Z   "web": {
2022-06-29T06:40:26.076129357Z     "requestId": "00-19e8b2ffc7fd7a91f126a6178837c28d-e629306a7656c52e-00",
2022-06-29T06:40:26.076133557Z     "requestPath": "/identity-server/account/external",
2022-06-29T06:40:26.076146958Z     "requestMethod": "POST"
2022-06-29T06:40:26.076152658Z   },
2022-06-29T06:40:26.076156558Z   "category": "Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware",
2022-06-29T06:40:26.076160859Z   "exception": {
2022-06-29T06:40:26.076164759Z     "type": "System.InvalidOperationException",
2022-06-29T06:40:26.076169059Z     "message": "IDX20803: Unable to obtain configuration from: \u0027https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/.well-known/openid-configuration\u0027.",
2022-06-29T06:40:26.084828362Z     "stackTrace": "   at Microsoft.IdentityModel.Protocols.ConfigurationManager\u00601.GetConfigurationAsync(CancellationToken cancel)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationHandler\u00601.ChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeResultAsync\u003Eg__Logged|22_0(ResourceInvoker invoker, IActionResult result)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeNextResultFilterAsync\u003Eg__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeResultFilters\u003Eg__Awaited|28_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeNextResourceFilter\u003Eg__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at 
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeFilterPipelineAsync\u003Eg__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Logged|17_1(ResourceInvoker invoker)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Logged|17_1(ResourceInvoker invoker)\n   at Microsoft.AspNetCore.Routing.EndpointMiddleware.\u003CInvoke\u003Eg__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)\n   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.\u003CInvoke\u003Eg__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)"
2022-06-29T06:40:26.084899566Z   }
2022-06-29T06:40:26.084906966Z }
2022-06-29T06:40:26.084910967Z 
2022-06-29T06:40:26.084914767Z {
2022-06-29T06:40:26.084918567Z   "logLevel": "Error",
2022-06-29T06:40:26.084922867Z   "message": "An unhandled exception has occurred while executing the request.",
2022-06-29T06:40:26.084927068Z   "eventId": {
2022-06-29T06:40:26.084930968Z     "id": 1,
2022-06-29T06:40:26.084935068Z     "name": "UnhandledException"
2022-06-29T06:40:26.084939168Z   },
2022-06-29T06:40:26.084942969Z   "timestamp": "2022-06-29T06:40:26Z",
2022-06-29T06:40:26.084947169Z   "app": {
2022-06-29T06:40:26.084951069Z     "name": "Squidex",
2022-06-29T06:40:26.086907683Z     "version": "5.0.0.0",
2022-06-29T06:40:26.086934984Z     "sessionId": "0fb754ef-2517-4724-bc98-085c323675f0"
2022-06-29T06:40:26.086939785Z   },
2022-06-29T06:40:26.086943585Z   "web": {
2022-06-29T06:40:26.086947485Z     "requestId": "00-19e8b2ffc7fd7a91f126a6178837c28d-e629306a7656c52e-00",
2022-06-29T06:40:26.086951585Z     "requestPath": "/identity-server/account/external",
2022-06-29T06:40:26.086955585Z     "requestMethod": "POST"
2022-06-29T06:40:26.086959486Z   },
2022-06-29T06:40:26.086972386Z   "category": "Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware",
2022-06-29T06:40:26.086977487Z   "exception": {
2022-06-29T06:40:26.086981487Z     "type": "System.InvalidOperationException",
2022-06-29T06:40:26.086993488Z     "message": "IDX20803: Unable to obtain configuration from: \u0027https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/.well-known/openid-configuration\u0027.",
2022-06-29T06:40:26.086999388Z     "stackTrace": "   at Microsoft.IdentityModel.Protocols.ConfigurationManager\u00601.GetConfigurationAsync(CancellationToken cancel)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationHandler\u00601.ChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeResultAsync\u003Eg__Logged|22_0(ResourceInvoker invoker, IActionResult result)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeNextResultFilterAsync\u003Eg__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeResultFilters\u003Eg__Awaited|28_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeNextResourceFilter\u003Eg__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at 
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeFilterPipelineAsync\u003Eg__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Logged|17_1(ResourceInvoker invoker)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Logged|17_1(ResourceInvoker invoker)\n   at Microsoft.AspNetCore.Routing.EndpointMiddleware.\u003CInvoke\u003Eg__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)\n   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.\u003CInvoke\u003Eg__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)"
2022-06-29T06:40:26.087011589Z   }
2022-06-29T06:40:26.087015289Z }
2022-06-29T06:40:26.087019389Z 
2022-06-29T06:40:26.120281421Z {
2022-06-29T06:40:26.120313122Z   "logLevel": "Information",
2022-06-29T06:40:26.120319423Z   "message": "HTTP request executed.",
2022-06-29T06:40:26.120334424Z   "elapsedRequestMs": 887,
2022-06-29T06:40:26.120339124Z   "filters": {
2022-06-29T06:40:26.120343224Z     "costs": 0
2022-06-29T06:40:26.120356925Z   },
2022-06-29T06:40:26.120362125Z   "timestamp": "2022-06-29T06:40:26Z",
2022-06-29T06:40:26.120366226Z   "app": {
2022-06-29T06:40:26.120370226Z     "name": "Squidex",
2022-06-29T06:40:26.120374326Z     "version": "5.0.0.0",
2022-06-29T06:40:26.126735195Z     "sessionId": "0fb754ef-2517-4724-bc98-085c323675f0"
2022-06-29T06:40:26.126784698Z   },
2022-06-29T06:40:26.126789599Z   "web": {
2022-06-29T06:40:26.126793399Z     "requestId": "00-19e8b2ffc7fd7a91f126a6178837c28d-e629306a7656c52e-00",
2022-06-29T06:40:26.126797099Z     "requestPath": "/identity-server/account/external",
2022-06-29T06:40:26.152192974Z     "requestMethod": "POST"
2022-06-29T06:40:26.152202674Z   }
2022-06-29T06:40:26.152217775Z }
2022-06-29T06:40:26.152223375Z 
2022-06-29T06:40:26.208749158Z {

I got error

Seems to be some kind of configuration issue, but I am not sure what exactly you have configured.

Seems to be a problem with authority url, because it cannot access:

https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/.well-known/openid-configuration
[
  {
    "name": "ASSETSTORE__AZUREBLOB__CONNECTIONSTRING",
    "value": "DefaultEndpointsProtocol=aaa",
    "slotSetting": false
  },
  {
    "name": "ASSETSTORE__AZUREBLOB__CONTAINERNAME",
    "value": "etc-squidex-assets-test",
    "slotSetting": false
  },
  {
    "name": "ASSETSTORE__TYPE",
    "value": "AzureBlob",
    "slotSetting": false
  },
  {
    "name": "B2C_1A_SIGNUP_SIGNIN_AUTHENTICATION_SECRET",
    "value": "aaaa",
    "slotSetting": true
  },
  {
    "name": "b2c_AUTHENTICATION_SECRET",
    "value": "aaaa",
    "slotSetting": true
  },
  {
    "name": "DiagnosticServices_EXTENSION_VERSION",
    "value": "~3",
    "slotSetting": true
  },
  {
    "name": "DOCKER_ENABLE_CI",
    "value": "true",
    "slotSetting": false
  },
  {
    "name": "DOCKER_REGISTRY_SERVER_URL",
    "value": "https://index.docker.io/v1",
    "slotSetting": false
  },
  {
    "name": "EMAIL__SMTP__PASSWORD",
    "value": "aaaaa",
    "slotSetting": false
  },
  {
    "name": "EMAIL__SMTP__PORT",
    "value": "587",
    "slotSetting": false
  },
  {
    "name": "EMAIL__SMTP__SENDER",
    "value": "aaaaa",
    "slotSetting": false
  },
  {
    "name": "EMAIL__SMTP__SERVER",
    "value": "smtp.gmail.com",
    "slotSetting": false
  },
  {
    "name": "EMAIL__SMTP__USERNAME",
    "value": "web@dynatex.io",
    "slotSetting": false
  },
  {
    "name": "EVENTSTORE__MONGODB__CONFIGURATION",
    "value": "aaaaaaaa",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__ALLOWPASSWORDAUTH",
    "value": "true",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__GITHUBCLIENT",
    "value": "",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__GITHUBSECRET",
    "value": "",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__GOOGLECLIENT",
    "value": "",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__GOOGLESECRET",
    "value": "",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__MICROSOFTCLIENT",
    "value": "aaaaa",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__MICROSOFTSECRET",
    "value": "aaaaaaa",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__OIDCAUTHORITY",
    "value": "https://dynatexdigital.b2clogin.com/tfp/myTenantId/B2C_1A_SIGNUP_SIGNIN/v2.0",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__OIDCMETADATAADDRESS",
    "value": "https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNUP_SIGNIN",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__OIDCCLIENT",
    "value": "myClientId",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__OIDCRESPONSETYPE",
    "value": "code",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__OIDCSECRET",
    "value": "Mysercrete",
    "slotSetting": false
  },
  {
    "name": "IDENTITY__SUPPRESSXFRAMEOPTIONSHEADER",
    "value": "true",
    "slotSetting": false
  },
  {
    "name": "LOGGING__APPLICATIONINSIGHTS__ENABLED",
    "value": "true",
    "slotSetting": false
  },
  {
    "name": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
    "value": "aaaaa",
    "slotSetting": true
  },
  {
    "name": "SnapshotDebugger_EXTENSION_VERSION",
    "value": "disabled",
    "slotSetting": true
  },
  {
    "name": "STORE__MONGODB__CONFIGURATION",
    "value": "aaaaa",
    "slotSetting": false
  },
  {
    "name": "UI__REDIRECTTOLOGIN",
    "value": "true",
    "slotSetting": false
  },
  {
    "name": "URLS__BASEURL",
    "value": "https://testsquid.dynatex.io/",
    "slotSetting": false
  },
  {
    "name": "VIRTUAL_HOST",
    "value": "testsquid.dynatex.io",
    "slotSetting": false
  },
  {
    "name": "WEBSITE_HTTPLOGGING_RETENTION_DAYS",
    "value": "10",
    "slotSetting": false
  },
  {
    "name": "XDT_MicrosoftApplicationInsights_BaseExtensions",
    "value": "disabled",
    "slotSetting": true
  },
  {
    "name": "XDT_MicrosoftApplicationInsights_Mode",
    "value": "recommended",
    "slotSetting": true
  },
  {
    "name": "XDT_MicrosoftApplicationInsights_PreemptSdk",
    "value": "disabled",
    "slotSetting": true
  }
]

This is my config

Why have you configured this? It obviously does not work.

I saw it in the app settings, so I put it in.

I'm using this authority URL in my API project, and it works.
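
One way to compare the URL named in the IDX20803 error with the URL the posted settings would produce, as an added example that is not part of the thread or of Squidex. It assumes Squidex hands IDENTITY__OIDCAUTHORITY and IDENTITY__OIDCMETADATAADDRESS unchanged to ASP.NET Core's OpenID Connect handler, where an explicit metadata address takes precedence and otherwise the authority plus `/.well-known/openid-configuration` is requested; the function names are hypothetical and the sample log line is cut down from the log above.

```python
import json
import re

WELL_KNOWN = ".well-known/openid-configuration"

# Values copied from the settings posted in the thread (other entries omitted).
SETTINGS = json.dumps([
    {"name": "IDENTITY__OIDCAUTHORITY",
     "value": "https://dynatexdigital.b2clogin.com/tfp/myTenantId/B2C_1A_SIGNUP_SIGNIN/v2.0"},
    {"name": "IDENTITY__OIDCMETADATAADDRESS",
     "value": "https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com"
              "/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNUP_SIGNIN"},
])

# Constructed sample: the IDX20803 message line from the log, repeated as it was logged twice.
LOG = "\n".join(2 * [
    r'"message": "IDX20803: Unable to obtain configuration from: '
    r'\u0027https://dynatexdigital.b2clogin.com/dynatexdigital.onmicrosoft.com'
    r'/b2c_1a_signup_signin/oauth2/v2.0/.well-known/openid-configuration\u0027.",'
])

def effective_metadata_url(authority, metadata_address=""):
    """Discovery URL the handler downloads: an explicit metadata address wins,
    otherwise the authority plus the well-known path (assumed handler rule)."""
    if metadata_address:
        return metadata_address
    return (authority if authority.endswith("/") else authority + "/") + WELL_KNOWN

def failed_metadata_urls(log_text):
    """Distinct URLs named in IDX20803 errors; the quotes are JSON-escaped as \\u0027."""
    pattern = r"IDX20803: Unable to obtain configuration from: (?:\\u0027|')(.*?)(?:\\u0027|')"
    return sorted(set(re.findall(pattern, log_text)))

def diagnose(app_settings_json, log_text):
    """Compare each URL that failed in the log with the one the settings imply."""
    # Configuration keys are case-insensitive, so normalise the names.
    cfg = {s["name"].upper(): s["value"] for s in json.loads(app_settings_json)}
    expected = effective_metadata_url(cfg.get("IDENTITY__OIDCAUTHORITY", ""),
                                      cfg.get("IDENTITY__OIDCMETADATAADDRESS", ""))
    findings = []
    for url in failed_metadata_urls(log_text):
        # Authority that yields this URL when no metadata address is set.
        implied = url[:-len(WELL_KNOWN)].rstrip("/") if url.endswith(WELL_KNOWN) else None
        findings.append({"requested": url, "expected_from_settings": expected,
                         "matches_settings": url == expected, "implied_authority": implied})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SETTINGS, LOG):
        print(json.dumps(finding, indent=2))
```

With the thread's values, `matches_settings` is false and the implied authority ends in `/b2c_1a_signup_signin/oauth2/v2.0`, so under the stated assumption the instance that logged the error was running with a different authority than the settings posted above.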