Custom domains and v2 incompatibility

Created on 20 March 2024, 9 months ago

Problem/Motivation

If using custom domains in Azure B2C, the logic in WindowsAad::__construct() for v2 fails as it's checking for `.b2clogin.com` in the endpoint URL.

Steps to reproduce

- Set up a B2C client as usual
- Set up Azure Front Door to be able to use a custom domain
- Ensure this custom domain is set in the endpoints on the client and the endpoints are the v2 version (I think the only available ones now)
- Try to sign up/log in
- The login will fail and you'll be sent to a 403 with this error in the logs: `No e-mail address provided by CLIENT_ID`

Proposed resolution

- Remove the `str_contains($endpoint, '.b2clogin.com/')` part of the check
- Alternatively, we could add a setting to select that it's v2 but I can't see why we need any more than the `/oauth2/v2.0/authorize` check

Remaining tasks

- Review and test

User interface changes

None

API changes

None

Data model changes

None

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

🇬🇧United Kingdom kimberleycgm
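
The path-only check proposed in the report, next to a host-plus-path check, run over constructed endpoints. This is an added example, not code from the module: both function names and every URL are hypothetical, and the host-plus-path function is an assumed reconstruction of the check as the report describes it.

```php
<?php
// Added illustration; not the module's code. Requires PHP 8 (str_contains, str_ends_with).

/**
 * Path-only detection: TRUE when the authorization endpoint uses the v2.0
 * path, whichever host serves it (hypothetical helper).
 */
function isV2AuthorizeEndpoint(string $endpoint): bool {
  $parts = parse_url($endpoint);
  if ($parts === FALSE || empty($parts['host']) || empty($parts['path'])) {
    return FALSE;
  }
  // Inspect the parsed path only, so the marker appearing in a query
  // string or fragment does not count as a match.
  $path = rtrim(strtolower($parts['path']), '/');
  return str_ends_with($path, '/oauth2/v2.0/authorize');
}

/**
 * Assumed shape of the check the report describes: the v2 path marker is
 * only honoured when the host marker is also present.
 */
function isV2WithHostCheck(string $endpoint): bool {
  return str_contains($endpoint, '.b2clogin.com/')
    && str_contains($endpoint, '/oauth2/v2.0/authorize');
}

// Constructed sample endpoints; tenant, policy and host names are placeholders.
$samples = [
  'default B2C host' => 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signin/oauth2/v2.0/authorize',
  'custom domain'    => 'https://login.example.com/contoso.onmicrosoft.com/B2C_1_signin/oauth2/v2.0/authorize',
  'v1 endpoint'      => 'https://login.microsoftonline.com/common/oauth2/authorize',
  'marker in query'  => 'https://login.example.com/oauth2/authorize?next=/oauth2/v2.0/authorize',
];

foreach ($samples as $label => $url) {
  printf(
    "%-18s host+path=%-5s path-only=%s\n",
    $label,
    var_export(isV2WithHostCheck($url), TRUE),
    var_export(isV2AuthorizeEndpoint($url), TRUE)
  );
}
```

Only the custom-domain row differs between the two checks: the host-plus-path check treats it as not v2, while the path-only check accepts it and still rejects the v1 endpoint and the URL that carries the marker only in its query string.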
