Comments (8)
@mamood What you found is correct.
This is a known issue w/B2C. The reason is because B2C does not return a value in the IdToken for preferred username because of the limitations with the social accounts. For example, AAD does return a value here because it knows who the user is, but for B2C, because the user can sign in with a local account, FB, GitHub, etc., there is not a consistent value for them to use for preferred username. Also, some social accounts (like GitHub) don't require email. So, to unblock MSAL from rolling out cache compatibility with ADAL, we decided to use "Missing from the token response" on our end when dealing with the B2C accounts.
You can, however, use the "name" claim as the preferred username. I believe you can add that in the policy. If you need more information on this, let me know and I'll sync w/B2C. It's generally mentioned in this B2C doc -> "In the Return claim column, choose claims you want returned in the authorization tokens sent back to your application after a successful profile editing experience. For example, select Display Name, Postal Code."
Closing, as this is by design currently, but please tag me if you need more guidance on this.
from active-directory-b2c-dotnetcore-webapp.
@jennyf19 Can you please explain the steps to fix the issue. somehow I am not able to do the above-mentioned step to fix the issue.
from active-directory-b2c-dotnetcore-webapp.
@tarun00197 what are you trying to do?
Hi jennyf19, I am also trying to get this message not to display. I've been through the articles and I must be missing something. Please could you point me in the direction of a step-by-step process to get the 'user' or simply clear the message. I've been through the "article B2C doc" and can't find the solution.
@ryanglenn79 @tarun00197
Not sure if this will help.
In the portal, under the policy you want to target, go to Application Claims blade and make sure Display Name is enabled:
When I have this enabled, in the AuthResult, in the idToken, you'll see the name value:
If not, you won't see it:
You can parse the idToken to get the claims. You can do something like this:
```csharp
using System;
using Microsoft.Identity.Client;   // AuthenticationResult
using Newtonsoft.Json.Linq;        // JObject, JArray

// Reads the claims out of the id_token MSAL returned and shows them in a text control.
// ParseIdToken is the sample's own helper that decodes the JWT payload into a JObject.
private void DisplayUserInfo(AuthenticationResult authResult)
{
    TokenInfoText.Text = "";
    if (authResult != null)
    {
        JObject user = ParseIdToken(authResult.IdToken);
        // "name" is only present when Display Name is enabled in the policy's application claims
        TokenInfoText.Text += $"Name: {user["name"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"User Identifier: {user["oid"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"Street Address: {user["streetAddress"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"City: {user["city"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"State: {user["state"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"Country: {user["country"]?.ToString()}" + Environment.NewLine;
        TokenInfoText.Text += $"Job Title: {user["jobTitle"]?.ToString()}" + Environment.NewLine;
        // B2C returns "emails" as an array claim; show the first entry if there is one
        if (user["emails"] is JArray emails && emails.Count > 0)
        {
            TokenInfoText.Text += $"Emails: {emails[0].ToString()}" + Environment.NewLine;
        }
        TokenInfoText.Text += $"Identity Provider: {user["iss"]?.ToString()}" + Environment.NewLine;
    }
}
```
Hi Jenny
Thank you for answering. I have everything already set up as you suggest, and I am receiving "Display Name", however I am still receiving "Account username: Missing from the token response environment"
When executing
```csharp
IEnumerable<IAccount> accounts = await PCA.GetAccountsAsync();
```
then this displays in the email field for logging in.
I am getting the same behavior when calling PCA.GetAccountsAsync() from the MSAL .NET library. I see in the token that the name property is coming down properly from Azure when decoding the token, but it doesn't appear to get set on the Account object for the token cache. According to https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-aad-b2c-considerations
I believe you mentioned this in the above post:
Mitigation for "Missing from the token response"
One option is to use the "name" claim as the preferred username. The process is mentioned in this B2C doc -> "In the Return claim column, choose the claims you want returned in the authorization tokens sent back to your application after a successful profile editing experience. For example, select Display Name, Postal Code."
I tried following the reference mentioned above to https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-overview but I don't see any mention of the process mentioned above.
I have tried adding all the application claims that you have shown in your screenshot and still am not getting the username field to populate on the Account object when calling PCA.GetAccountsAsync().
You aren't using that in your example and instead are parsing the token for the claims which is working but that doesn't seem like it would work with the token cache in the MSAL library without getting a username when using local accounts.
I could be misunderstanding something, but above are the steps I have taken to try and resolve it. I can see a workaround by maybe using the oid or sub claim: after acquiring the token and sending it to the client the first time, it can get sent back up in the token and parsed to filter the MSAL Accounts object by oid for token cache account filtering. It would be nice to be able to use the name claim, but MSAL doesn't seem to properly work with it. Does that sound correct?
@ryanglenn79 @chris-skuvault Including "name" back in the claims has no impact on the MSAL cache. It will be included in the id_token, so you can filter there and display the user name if you want. You won't be able to get the name from the Account object. Sorry that was not clear.
There is only one cache per user, but each user will have multiple accounts or tokens in the cache, as each B2C policy is a separate IdP, so that's why you have to filter by policy.
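An added example (not code from the sample or from MSAL itself) that ties the two workarounds in this thread together: read the "name" claim out of the id_token as the display username, since IAccount.Username stays "Missing from the token response" for B2C, and pick the cached account for the policy the token came from. Assumed, not taken from the thread: the policy name is carried in the "tfp" claim ("acr" on older policies), and a cached account's HomeAccountId.Identifier (or ObjectId) follows MSAL.NET's B2C form "{oid}-{policy}.{tenant}" in lower case.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Added example, not code from the sample or MSAL: derive a display username from the
// id_token (IAccount.Username is "Missing from the token response" for B2C) and pick
// the cached account for the policy the token came from. Only the payload is decoded;
// MSAL already validated the signature, so use this for display and cache filtering only.
public static class B2CIdTokenHelper
{
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Decode the JWT payload (second dot-separated segment) into a claim dictionary.
    public static Dictionary<string, JsonElement> ParseIdToken(string idToken)
    {
        string[] parts = idToken.Split('.');
        if (parts.Length != 3) throw new ArgumentException("not a compact JWS");
        string json = Encoding.UTF8.GetString(FromBase64Url(parts[1]));
        return JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
    }

    // Username stand-in: "name" (needs Display Name enabled in the policy's application claims),
    // else the first "emails" entry (absent for some social IdPs such as GitHub), else "oid".
    public static string DisplayName(Dictionary<string, JsonElement> c)
    {
        if (c.TryGetValue("name", out var n) && n.ValueKind == JsonValueKind.String) return n.GetString();
        if (c.TryGetValue("emails", out var e) && e.ValueKind == JsonValueKind.Array && e.GetArrayLength() > 0)
            return e[0].GetString();
        return c["oid"].GetString();
    }

    // Each B2C policy is its own IdP, so the cache holds one account per policy. Assumptions:
    // the policy is in the "tfp" claim ("acr" on older policies) and the cached account's
    // HomeAccountId.Identifier has MSAL.NET's B2C form "{oid}-{policy}.{tenant}", lower-cased.
    public static string AccountForPolicy(IEnumerable<string> homeAccountIds, Dictionary<string, JsonElement> c)
    {
        string policy = (c.TryGetValue("tfp", out var p) ? p : c["acr"]).GetString().ToLowerInvariant();
        return homeAccountIds.FirstOrDefault(id => id.Split('.')[0].EndsWith("-" + policy));
    }
}
```

Feed it authResult.IdToken and the HomeAccountId.Identifier values from PCA.GetAccountsAsync(); the returned id is the one to pass to AcquireTokenSilent for that policy.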