C# · 2mo ago
Abdesol

Using Azure ADB2C, new user claim is being sent on every sign in

I am trying to use Azure AD B2C for user signup and sign-in, and after signup I want to use the newUser claim to add the user's email to queue storage so that one of my Azure Functions can do a task around it. I am using ASP.NET as the web application for this. The problem is that Azure AD B2C is caching the token in the browser, so whenever I sign in, it is not sending a refreshed token. As a result, the newUser claim keeps being sent until I log out and log in again. I wanted to manually check whether the user is in the database using Microsoft Graph, but the catch with that is, by the time I am checking, the user is already in the users list.
1 Reply
Abdesol (OP) · 2mo ago
This is the authentication schema I am using:
```csharp
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOpenIdConnect(options =>
    {
        // Authority, ClientId, CallbackPath etc. come from the "AzureAdB2C" config section.
        configuration.GetSection("AzureAdB2C").Bind(options);
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.ResponseType = "code";
        // Persist id_token/access_token in the authentication cookie's properties.
        options.SaveTokens = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add(options.ClientId!);

        options.Events = new OpenIdConnectEvents()
        {
            // Only the explicit sign-in endpoint may redirect to B2C; any other
            // unauthenticated request gets a 401 (known endpoint) or 404 instead.
            OnRedirectToIdentityProvider = context =>
            {
                if (context.Request.Path != "/account/sign-in")
                {
                    var endpoint = context.HttpContext.GetEndpoint();
                    context.Response.StatusCode = endpoint != null
                        ? StatusCodes.Status401Unauthorized
                        : StatusCodes.Status404NotFound;
                    context.HandleResponse();
                }

                return Task.CompletedTask;
            }
        };
    });
```
I tried tweaking the SaveTokens, SignInScheme and other attributes, but all of them result in some form of authentication and scheme errors. I appreciate any idea or help around this. Thank you!
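One defensive way to act on the claim exactly once, as an added example written for this thread (it is not part of the original post and not a Microsoft sample): handle the newUser claim in the OpenIdConnect handler's OnTokenValidated event, which runs only when a token actually arrives back from B2C and not on requests that are authenticated from the existing cookie, and record the processed B2C object id so that a re-issued newUser claim for the same user cannot enqueue them a second time. The ISignupTracker interface, the InMemorySignupTracker stand-in, the queue wiring and the "emails"/"email" claim fallback are assumptions of this example.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using Azure.Storage.Queues;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction: remembers which B2C object ids have already had their
// signup processed. In production back this with a table keyed on the object id.
public interface ISignupTracker
{
    // Returns true the first time objectId is seen, false on every later call.
    Task<bool> TryMarkProcessedAsync(string objectId);
}

// Demonstration-only implementation: state is lost on restart and not shared
// between app instances, so it is not suitable for a scaled-out deployment.
public sealed class InMemorySignupTracker : ISignupTracker
{
    private readonly ConcurrentDictionary<string, byte> _seen = new();

    public Task<bool> TryMarkProcessedAsync(string objectId) =>
        Task.FromResult(_seen.TryAdd(objectId, 0));
}

public static class NewUserClaimHandler
{
    // The inbound claim map of the JWT handler renames "oid" to this URI; look up both.
    private const string ObjectIdUri =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Returns the object id and email of a freshly created user, or null when the
    // token does not carry newUser=true (or lacks the claims needed to act on it).
    public static (string ObjectId, string Email)? ExtractNewUser(ClaimsPrincipal principal)
    {
        var newUser = principal.FindFirst("newUser")?.Value;
        if (!string.Equals(newUser, "true", StringComparison.OrdinalIgnoreCase))
            return null;

        var oid = principal.FindFirst("oid")?.Value
                  ?? principal.FindFirst(ObjectIdUri)?.Value;
        // Assumption: B2C user flows emit "emails" by default; "email" if mapped explicitly.
        var email = principal.FindFirst("emails")?.Value
                    ?? principal.FindFirst("email")?.Value;

        if (string.IsNullOrEmpty(oid) || string.IsNullOrEmpty(email))
            return null;
        return (oid, email);
    }

    // Wire this into options.Events.OnTokenValidated next to the existing
    // OnRedirectToIdentityProvider handler from the post.
    public static async Task OnTokenValidated(TokenValidatedContext context)
    {
        if (context.Principal is null) return;

        var info = ExtractNewUser(context.Principal);
        if (info is null) return;

        var services = context.HttpContext.RequestServices;
        var tracker = services.GetRequiredService<ISignupTracker>();

        // Idempotency gate: only the first sighting of this object id enqueues work,
        // so a cached or re-issued newUser claim is harmless.
        if (!await tracker.TryMarkProcessedAsync(info.Value.ObjectId)) return;

        var queue = services.GetRequiredService<QueueClient>();
        await queue.SendMessageAsync(info.Value.Email);
    }
}

// Hypothetical registration alongside the post's AddOpenIdConnect call:
//
//   services.AddSingleton<ISignupTracker, InMemorySignupTracker>();
//   services.AddSingleton(new QueueClient(storageConnectionString, "new-users"));
//   ...
//   options.Events = new OpenIdConnectEvents
//   {
//       OnTokenValidated = NewUserClaimHandler.OnTokenValidated,
//       OnRedirectToIdentityProvider = context => { /* the post's existing handler */ }
//   };
```

The dedupe key is the object id rather than the email because the email can be changed by the user while the object id is stable for the account's lifetime; keying the tracker on it also means the queue message is produced from the validated token rather than from a Graph lookup, which removes the race the original post describes where the user already exists in the directory by the time the check runs.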