This sample illustrates how to use spring-cloud-azure-starter-active-directory-b2c package to work with OAuth 2.0 and OpenID Connect protocols with Azure Active Diretory B2C.
Follow the guide of AAD B2C tenant creation.
Follow the guide of AAD B2C application registry.
Please ensure that your b2c application's Redirect URL is configured to http://localhost:8080/#/oauth2/code/.
Follow the guide of AAD B2C user flows creation.
-
Fill in
${AUTHORIZATION_SERVER_BASE_URI}from Azure AD B2C portalApp registrationsblade, select Endpoints, copy the base endpoint uri(Global cloud format may looks likehttps://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com, China Cloud looks likehttps://{your-tenant-name}.b2clogin.cn/{your-tenant-name}.partner.onmschina.cn).NOTE: We could copy
Azure AD B2C OAuth 2.0 token endpoint (v2)and delete/<policy-name>/oauth2/v2.0/token. -
Select one registered instance under
Applicationsfrom portal, and then:- Fill in
${AZURE_CLIENT_ID}fromApplication ID. - Fill in
${AZURE_CLIENT_SECRET}from one ofKeys.
- Fill in
-
Add your user flows defined on the Azure Portal under the
user-flowsconfiguration, which is a map, you can give each user flow a key and the value will be the name of user flow defined in AAD B2C. By default, we use the keysign-up-or-sign-infor a login user flow andpassword-resetfor the Password reset type user flow, you can choose to override them.NOTE: If you override password-reset or profile-edit in application.yml, make sure to change
${PASSWORD_RESET_USER_FLOW_NAME}or${PROFILE_EDIT_FLOW_NAME}to your configured properties inresources/templates/home.html. -
Fill in
${LOGIN_USER_FLOW_KEY}with the key of your login user flow, we will use the valuesign-up-or-sign-into look up the user-flows map if this property is not provided. -
Replace
${LOGOUT_SUCCESS_URL}tohttp://localhost:8080/#.
spring:
cloud:
azure:
active-directory:
b2c:
enabled: true
base-uri: ${AUTHORIZATION_SERVER_BASE_URI}
client-id: ${AZURE_CLIENT_ID}
client-secret: ${AZURE_CLIENT_SECRET}
login-flow: ${LOGIN_USER_FLOW_KEY} # default to sign-up-or-sign-in, will look up the user-flows map with provided key.
logout-success-url: ${LOGOUT_SUCCESS_URL}
user-flows:
password-reset: ${PROFILE_EDIT_FLOW_NAME}
profile-edit: ${PASSWORD_RESET_USER_FLOW_NAME}
sign-up-or-sign-in: ${SIGN_UP_OR_SIGN_IN_FLOW_NAME}
user-name-attribute-name: ${USER_NAME_CLAIM}NOTE: If both tenant and baseUri are configured at the same time, only baseUri takes effect.
cd azure-spring-boot-samples/aad/spring-cloud-azure-starter-active-directory-b2c/aad-b2c-web-application
mvn spring-boot:run
- Access
http://localhost:8080/as index page. - #/in.
- Profile edit.
- Password reset.
- Log out.
- #.
-
Missing attribute 'name' in attributesjava.lang.IllegalArgumentException: Missing attribute 'name' in attributes at org.springframework.security.oauth2.core.user.DefaultOAuth2User.<init>(DefaultOAuth2User.java:67) ~[spring-security-oauth2-core-5.3.6.RELEASE.jar:5.3.6.RELEASE] at org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.<init>(DefaultOidcUser.java:89) ~[spring-security-oauth2-core-5.3.6.RELEASE.jar:5.3.6.RELEASE] at org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService.loadUser(OidcUserService.java:144) ~[spring-security-oauth2-client-5.3.6.RELEASE.jar:5.3.6.RELEASE] at org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService.loadUser(OidcUserService.java:63) ~[spring-security-oauth2-client-5.3.6.RELEASE.jar:5.3.6.RELEASE]While running sample, if error occurs with logs above:
- make sure that while creating user workflow by following this guide, for User attributes and claims , attributes and claims for Display Name should be chosen.
This issue almost due to polluted cookies of localhost. Clean up cookies of localhost and try it again.
Follow the guide of Set up Google account with AAD B2C. And also available for Amazon, Azure AD, FaceBook, Github, Linkedin and Twitter.