This sample illustrates how to use the spring-cloud-azure-starter-active-directory-b2c package to work with the OAuth 2.0 and OpenID Connect protocols with Azure Active Directory B2C.

- Follow the guide for AAD B2C tenant creation.
- Follow the guide for AAD B2C application registration. Please ensure that your B2C application's Redirect URL is configured to `http://localhost:8080/login/oauth2/code/`.
- Follow the guide for AAD B2C user flow creation.
- Fill in `${AUTHORIZATION_SERVER_BASE_URI}` from the Azure AD B2C portal: open the App registrations blade, select Endpoints, and copy the base endpoint URI. The global cloud format looks like `https://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com`; the China cloud format looks like `https://{your-tenant-name}.b2clogin.cn/{your-tenant-name}.partner.onmschina.cn`. NOTE: you can also copy the "Azure AD B2C OAuth 2.0 token endpoint (v2)" and delete the trailing `/<policy-name>/oauth2/v2.0/token`.
- Select one registered instance under Applications in the portal, and then:
  - Fill in `${AZURE_CLIENT_ID}` from Application ID.
  - Fill in `${AZURE_CLIENT_SECRET}` from one of the Keys.
  - Fill in
- Add the user flows you defined in the Azure Portal under the `user-flows` configuration, which is a map: give each user flow a key, and the value is the name of the user flow defined in AAD B2C. By default the key `sign-up-or-sign-in` is used for the login user flow and `password-reset` for the Password reset type user flow; you can choose to override them. NOTE: If you override `password-reset` or `profile-edit` in `application.yml`, make sure to change `${PASSWORD_RESET_USER_FLOW_NAME}` or `${PROFILE_EDIT_FLOW_NAME}` to your configured properties in `resources/templates/home.html`.
- Fill in `${LOGIN_USER_FLOW_KEY}` with the key of your login user flow; if this property is not provided, the value `sign-up-or-sign-in` is used to look up the `user-flows` map.
- Replace `${LOGOUT_SUCCESS_URL}` with `http://localhost:8080/login`.
```yaml
spring:
  cloud:
    azure:
      active-directory:
        b2c:
          enabled: true
          base-uri: ${AUTHORIZATION_SERVER_BASE_URI}
          client-id: ${AZURE_CLIENT_ID}
          client-secret: ${AZURE_CLIENT_SECRET}
          login-flow: ${LOGIN_USER_FLOW_KEY} # defaults to sign-up-or-sign-in; looks up the user-flows map with the provided key.
          logout-success-url: ${LOGOUT_SUCCESS_URL}
          user-flows:
            password-reset: ${PASSWORD_RESET_USER_FLOW_NAME}
            profile-edit: ${PROFILE_EDIT_FLOW_NAME}
            sign-up-or-sign-in: ${SIGN_UP_OR_SIGN_IN_FLOW_NAME}
          user-name-attribute-name: ${USER_NAME_CLAIM}
```
NOTE: If both `tenant` and `baseUri` are configured at the same time, only `baseUri` takes effect.
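To check the `base-uri` value before starting the app, here is an added Python example (not part of this sample or of Spring Cloud Azure) that derives `base-uri` from the portal's token endpoint by deleting the `/<policy-name>/oauth2/v2.0/token` suffix, checks the result against the global and China cloud formats, and builds the OpenID discovery URL for each `user-flows` entry. The `/v2.0/.well-known/openid-configuration` discovery path and the `contoso` tenant are assumptions of the example, not values from this page.

```python
import re
from typing import Dict, Optional
from urllib.parse import urlparse

# base-uri shapes from the README: (host pattern, expected tenant path) per cloud.
_CLOUDS = {
    "global": (r"^(?P<tenant>[a-z0-9-]+)\.b2clogin\.com$", "{tenant}.onmicrosoft.com"),
    "china": (r"^(?P<tenant>[a-z0-9-]+)\.b2clogin\.cn$", "{tenant}.partner.onmschina.cn"),
}
# Trailing part of the portal's "OAuth 2.0 token endpoint (v2)" that must be removed.
_TOKEN_SUFFIX = re.compile(r"/(?P<policy>[^/]+)/oauth2/v2\.0/token$")


def base_uri_from_token_endpoint(token_endpoint: str) -> str:
    """Derive base-uri by deleting '/<policy-name>/oauth2/v2.0/token' from the token endpoint."""
    endpoint = token_endpoint.strip()
    m = _TOKEN_SUFFIX.search(endpoint)
    if not m:
        raise ValueError(f"not a B2C v2.0 token endpoint: {token_endpoint!r}")
    return endpoint[: m.start()]


def classify_base_uri(base_uri: str) -> Optional[str]:
    """Return 'global' or 'china' when base_uri matches the documented format, else None.

    Rejects the usual paste mistakes: a non-https scheme, a host that is not the
    tenant's b2clogin host, or a tenant path that does not match the tenant in the host.
    """
    u = urlparse(base_uri.strip())
    if u.scheme != "https" or u.query or u.fragment:
        return None
    path = u.path.strip("/")  # tolerate a trailing slash copied from the portal
    for cloud, (host_re, path_fmt) in _CLOUDS.items():
        m = re.match(host_re, u.netloc.lower())
        if m and path.lower() == path_fmt.format(tenant=m.group("tenant")):
            return cloud
    return None


def metadata_urls(base_uri: str, user_flows: Dict[str, str]) -> Dict[str, str]:
    """OpenID discovery URL per user-flows entry (key -> URL); assumed B2C discovery path."""
    if classify_base_uri(base_uri) is None:
        raise ValueError(f"base-uri does not match a known B2C cloud format: {base_uri!r}")
    root = base_uri.strip().rstrip("/")
    return {key: f"{root}/{flow}/v2.0/.well-known/openid-configuration"
            for key, flow in user_flows.items()}


if __name__ == "__main__":
    # Constructed sample values; 'contoso' is a placeholder tenant, not a real one.
    token = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signupsignin/oauth2/v2.0/token"
    base = base_uri_from_token_endpoint(token)
    print(base, classify_base_uri(base))
    print(metadata_urls(base, {"sign-up-or-sign-in": "B2C_1_signupsignin"}))
```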
```bash
cd azure-spring-boot-samples/aad/spring-cloud-azure-starter-active-directory-b2c/aad-b2c-web-application
mvn spring-boot:run
```
- Access `http://localhost:8080/` as the index page.
- Sign up/in.
- Profile edit.
- Password reset.
- Log out.
- Sign in.
Missing attribute 'name' in attributes

```
java.lang.IllegalArgumentException: Missing attribute 'name' in attributes
    at org.springframework.security.oauth2.core.user.DefaultOAuth2User.<init>(DefaultOAuth2User.java:67) ~[spring-security-oauth2-core-5.3.6.RELEASE.jar:5.3.6.RELEASE]
    at org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.<init>(DefaultOidcUser.java:89) ~[spring-security-oauth2-core-5.3.6.RELEASE.jar:5.3.6.RELEASE]
    at org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService.loadUser(OidcUserService.java:144) ~[spring-security-oauth2-client-5.3.6.RELEASE.jar:5.3.6.RELEASE]
    at org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService.loadUser(OidcUserService.java:63) ~[spring-security-oauth2-client-5.3.6.RELEASE.jar:5.3.6.RELEASE]
```

If this error occurs with the logs above while running the sample:

- Make sure that while creating the user flow by following this guide, under User attributes and claims, the attribute and claim for Display Name are selected.

This issue is most often caused by polluted cookies for `localhost`. Clear the cookies for `localhost` and try again.
Follow the guide for setting up a Google account with AAD B2C. Guides are also available for Amazon, Azure AD, Facebook, GitHub, LinkedIn and Twitter.