Azure AD B2C Invalid email / username or password on sign in #6999
I have an Azure AD B2C user flow (sign up & sign in) that I use in my wiki js app and in another app (next js) in order to have single sign-on between the two of them. In my wiki js app I have an auth strategy configured exactly how it says in the docs. It's using the same auth service as the next js app.

I register the local accounts in the next js app, and when I log in to it everything works as expected, but if I try to log in to the wiki js app using the same service, I always get the following error: "Invalid email / username or password". Even if I go directly to the wiki js app and try to log in with these accounts, I get the same error.

My wiki js app is registered in the same tenant as the next js app and has the following Permissions:

Is there any hidden config on the wiki js auth that can maybe interfere in the success of the login of the Azure AD B2C service? How can I solve this? If I'm using an Azure AD auth, is it necessary to have the user in the wiki js database?
Replies: 1 comment
SOLUTION

The issue came from the JWT sent by Azure AD B2C auth, which does not contain the `email` or `preferred_username` fields expected by Azure AD authentication. The JWT from B2C returns an array, `emails`.

I fixed this by changing the following lines in the "/server/modules/authentication/azure/authentication.js" file.

We changed:

```js
const usrEmail = _.get(profile, '_json.email', null) || _.get(profile, '_json.preferred_username')
```

for:

Also, the JWT from B2C doesn't contain the `oid`. I also changed these lines to fix this:

from:

to:

PS: we can only add other emails from the Azure AD B2C portal, so it's a valid solution.
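The claim mismatch described in the answer above, as an added example that is not part of the original post and is not Wiki.js code: a resolver that accepts both token shapes and fails closed when no usable identity is present. The function names and sample claims are constructed, and using `sub` as the fallback when `oid` is absent is an assumption to confirm against the claims your user flow returns.

```javascript
// Added example: map decoded ID-token claims (the object the answer reads as
// profile._json) to a local identity. Handles the Azure AD shape
// (email / preferred_username / oid) and the B2C shape (emails[] and no oid).
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/

// Return the first candidate that is a string and looks like an address.
function firstValidEmail (candidates) {
  for (const c of candidates) {
    if (typeof c !== 'string') continue
    const v = c.trim().toLowerCase()
    if (EMAIL_RE.test(v)) return v
  }
  return null
}

function resolveIdentity (claims) {
  if (claims === null || typeof claims !== 'object') {
    throw new TypeError('claims must be an object')
  }
  // Only trust `emails` when it really is an array; anything else is ignored.
  const b2cEmails = Array.isArray(claims.emails) ? claims.emails : []
  const email = firstValidEmail([claims.email, claims.preferred_username, ...b2cEmails])
  if (!email) {
    // Fail closed: never create or match an account on an undefined email.
    throw new Error('token has no usable email, preferred_username or emails claim')
  }
  // Assumption: `sub` is the stable fallback identifier when `oid` is missing.
  const id = [claims.oid, claims.sub].find(v => typeof v === 'string' && v.length > 0)
  if (!id) {
    throw new Error('token has no oid or sub claim to use as a stable identifier')
  }
  return { id, email }
}

// Constructed sample claims, not taken from a real tenant.
const aadClaims = { oid: 'oid-0001', sub: 'sub-0001', preferred_username: 'Alice@Example.com' }
const b2cClaims = { sub: 'sub-0002', emails: ['bob@example.com'] }

console.log(resolveIdentity(aadClaims)) // Azure AD shape
console.log(resolveIdentity(b2cClaims)) // B2C shape
```

Keying the local account on the stable identifier rather than on the email avoids re-binding an account if the address in `emails` is later changed in the B2C portal.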