Azure web application authentication - azure-active-directory

I have enabled Azure web authentication in my web application, and when unauthenticated users try to access it, Azure redirects them to the https://example.azurewebsites.net/.auth/login/aad/callback page and shows the message "You do not have permission to view this directory or page."
For non-authorized users, instead of showing the above message I want to redirect to another custom page to show a different message.
Thanks in advance.
Thanks,
Tushar

Unfortunately, Azure AD doesn't support this feature for now.
I understand what you want to achieve. You can upvote this idea in this User Voice Page. Azure AD Team will review it.
Hope this helps!

ACS gives you error messages in encoded JSON like this:
{"context":null,"httpReturnCode":401,"identityProvider":"Google","timeStamp":"2010-12-17 21:01:36Z","traceId":"16bba464-03b9-48c6-a248-9d16747b1515","errors":[{"errorCode":"ACS30000","errorMessage":"There was an error processing an OpenID sign-in response."},{"errorCode":"ACS50019","errorMessage":"Sign-in was canceled by the user."}]}
First you need to enable the "Error URL" feature in the management portal, for your ACS namespace -> Edit Relying party -> Error URL.
You need helper classes to decode the JSON (steps here).
Configure anonymous access to the Error page.
With this you will have full control of the page: you can show the error message the way you want and brand the page to match the look and feel of your relying party web.
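One way to decode that error document on the relying party's error page, as an added example in Python rather than the C# helper classes the answer links to (this is not code from the answer or from ACS): the sample input below is the JSON quoted above, percent-encoded the way it would arrive on the Error URL page; the parameter name ACS uses and the user-facing message table are assumptions of this example.

```python
import json
from urllib.parse import quote, unquote

# Constructed sample input: the ACS error document quoted in the answer, percent-encoded
# as it would arrive in the query string or form post to the relying party's Error URL
# page (the exact parameter name ACS uses is not modelled here).
ACS_ERROR_JSON = (
    '{"context":null,"httpReturnCode":401,"identityProvider":"Google",'
    '"timeStamp":"2010-12-17 21:01:36Z","traceId":"16bba464-03b9-48c6-a248-9d16747b1515",'
    '"errors":[{"errorCode":"ACS30000","errorMessage":"There was an error processing an OpenID sign-in response."},'
    '{"errorCode":"ACS50019","errorMessage":"Sign-in was canceled by the user."}]}'
)
ENCODED_SAMPLE = quote(ACS_ERROR_JSON, safe="")

# Hypothetical end-user wording keyed by ACS error code. Anything not listed falls back to
# a generic sentence, so provider-internal detail is never echoed verbatim into the page.
USER_MESSAGES = {
    "ACS50019": "You cancelled the sign-in. Try again when you are ready.",
    "ACS30000": "The identity provider returned an unexpected response.",
}
GENERIC_MESSAGE = "Sign-in failed. Please try again."


def parse_acs_error(encoded: str) -> dict:
    """Percent-decode and JSON-decode the ACS error document, checking the fields the page uses."""
    doc = json.loads(unquote(encoded))
    for key in ("httpReturnCode", "identityProvider", "traceId", "errors"):
        if key not in doc:
            raise ValueError(f"ACS error document is missing {key!r}")
    if not isinstance(doc["errors"], list):
        raise ValueError("'errors' must be a list")
    return doc


def render_error_page(encoded: str) -> dict:
    """Produce the values an error page template needs: HTTP status, the identity provider,
    the ACS codes, one friendly message and the traceId to quote to support. The raw
    errorMessage strings are deliberately kept out of the user-facing message."""
    doc = parse_acs_error(encoded)
    codes = [e.get("errorCode", "unknown") for e in doc["errors"]]
    message = next((USER_MESSAGES[c] for c in codes if c in USER_MESSAGES), GENERIC_MESSAGE)
    return {
        "status": doc["httpReturnCode"],
        "provider": doc["identityProvider"],
        "codes": codes,
        "message": message,
        "trace_id": doc["traceId"],
    }


if __name__ == "__main__":
    print(render_error_page(ENCODED_SAMPLE))
```

The error page gets the traceId and codes for a support ticket, while the text shown to the visitor comes only from the fixed table, which is what keeps full control of the page's wording with the relying party.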

Related

Invalid OAuth2 redirect_uri

I'm making a dashboard for my Discord bot on Replit with Node.js, but when I click "add to discord/add to server" it says "Invalid OAuth2 redirect_uri". How can I fix this?
Kind reminder: when asking questions, make sure to provide as many details as possible to further assist others in assisting you.
The error derives from the redirect_uri parameter in your oauth2 link not matching with those in the developer portal.
In your developer portal go to OAuth2 -> General -> Redirects
Make sure you have one created.
Then go to the URL Generator, select your scopes, and then in the option where it says SELECT REDIRECT URL set that to the url you just created/selected.

During signIn receiving B2C error code ‘AADB2C99059’

Integrated a web application (SPA) with Azure B2C for user authentication. During login from the web app, I'm seeing this B2C exception code (AADB2C99059) on the UI instead of the actual B2C login screen. Please advise on this scenario: whether I have to make any changes in the B2C configuration or in the backend application code.
The error (AADB2C99059: The supplied request must present a code challenge) generally comes when you are missing your code challenge in the run now URL. You can test the user flow without implementing it in an application by appending a static value for the code_challenge to the run now URL.
For example, you can append &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl to the URL and it should work for you.
If the above code challenge is not working for you, you can also generate your code challenge using C# code and pass it to the request URL.
You can refer to this document to know how to generate the code_challenge.
This should be automatic in an SPA.
It's part of the "Run Now" flow.
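How a code_challenge is actually derived (the PKCE S256 transform from RFC 7636), as an added example in Python rather than the C# the answer points to; this is not code from either post or from Azure B2C. The generator, the verifier check a token endpoint would run, and the two query parameters to append to an authorize or run-now URL are all shown; the URL used in the usage line is a placeholder.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: code_verifier is 43-128 characters from [A-Za-z0-9-._~].
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(raw: bytes) -> str:
    """base64url without '=' padding, the encoding PKCE mandates for both values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Fresh high-entropy code_verifier; 32 random bytes encode to 43 characters, the minimum length."""
    return _b64url(secrets.token_bytes(n_bytes))


def is_valid_verifier(verifier: str) -> bool:
    return _VERIFIER_RE.match(verifier) is not None


def make_code_challenge(verifier: str) -> str:
    """S256 transform: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not is_valid_verifier(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_code_challenge(verifier: str, challenge: str) -> bool:
    """What the token endpoint does when the code is redeemed: recompute and compare in constant time."""
    return secrets.compare_digest(make_code_challenge(verifier), challenge)


def pkce_authorize_params(verifier: str) -> dict:
    """The two query parameters the authorize (or run-now) request needs."""
    return {"code_challenge": make_code_challenge(verifier), "code_challenge_method": "S256"}


def add_pkce_to_url(authorize_url: str, verifier: str) -> str:
    """Append the PKCE parameters to an existing authorize URL."""
    sep = "&" if "?" in authorize_url else "?"
    return authorize_url + sep + urlencode(pkce_authorize_params(verifier))


if __name__ == "__main__":
    v = make_code_verifier()
    # Placeholder URL; substitute the run-now URL from the B2C portal.
    print(add_pkce_to_url("https://example.invalid/authorize?client_id=placeholder", v))
```

The verifier stays on the client (the SPA keeps it in session storage) and is only sent in the token request; the authorize URL carries just the challenge and the method, which is why a static challenge is enough to get the run-now page to render but not to complete a real login.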

Error "invalid_client" when trying to get a token from Microsoft API

I'm trying to develop a drive solution (OneDrive) in a WinDev program.
I created an application in Microsoft Azure and created a secret key.
When doing the first request https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope}&response_type=code&redirect_uri={redirect_uri} I'm redirected to the connection page.
Once I'm connected I get a code back as https://login.live.com/oauth20_authorize.srf?code={code}.
But when I ask for a token posting this request: POST https://login.live.com/oauth20_token.srf Content-Type: application/x-www-form-urlencoded client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}&code={code}&grant_type=authorization_code
I get this back
{ "error":"invalid_client", "error_description":"The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https:\/\/go.microsoft.com\/fwlink\/?linkid=2083908.", "correlation_id":"471e800c-69b4-43c6-a03f-a1f7e9512e6b" }
Thank you for your help.
This error means you are using a Microsoft Account to log in to your client app, but it is not enabled for that.
To change the setting for an existing AD App, navigate to the Manifest blade of it in the portal, find the signInAudience attribute, set it with AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
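The two things worth checking before blaming the secret, as an added Python example (not code from the question, the answer or Microsoft): build the token request with proper form encoding so the redirect_uri is percent-encoded and no whitespace leaks between parameters, and read signInAudience out of the app manifest to see whether personal accounts are allowed at all. The manifest, client id, code and redirect URI below are constructed; the error response is the one quoted in the question.

```python
import json
from urllib.parse import parse_qsl, urlencode

TOKEN_ENDPOINT = "https://login.live.com/oauth20_token.srf"
# signInAudience values under which a personal Microsoft Account may sign in (from the answer).
CONSUMER_AUDIENCES = {"AzureADandPersonalMicrosoftAccount", "PersonalMicrosoftAccount"}

# Constructed sample manifest holding only the attribute the answer refers to
# (AzureADMyOrg = single-tenant, work or school accounts only).
SAMPLE_MANIFEST = {"signInAudience": "AzureADMyOrg"}
# The error body quoted in the question.
SAMPLE_ERROR_RESPONSE = json.loads(
    '{"error":"invalid_client","error_description":"The client does not exist or is not '
    'enabled for consumers. If you are the application developer, configure a new application '
    'through the App Registrations in the Azure Portal at https:\\/\\/go.microsoft.com\\/fwlink\\/?linkid=2083908.",'
    '"correlation_id":"471e800c-69b4-43c6-a03f-a1f7e9512e6b"}'
)


def build_token_request(client_id: str, client_secret: str, code: str, redirect_uri: str):
    """Return (url, headers, body) for the authorization_code exchange. urlencode() percent-encodes
    the redirect_uri and joins the parameters with '&' only, so a stray space cannot creep in."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "client_secret": client_secret,
        "code": code,
        "grant_type": "authorization_code",
    }
    for name, value in params.items():
        if not isinstance(value, str) or not value or value != value.strip():
            raise ValueError(f"{name} is empty or padded with whitespace")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, urlencode(params)


def decode_form_body(body: str) -> dict:
    """Inverse of the encoding above, useful when inspecting what was actually sent."""
    return dict(parse_qsl(body))


def allows_personal_accounts(manifest: dict) -> bool:
    return manifest.get("signInAudience") in CONSUMER_AUDIENCES


def diagnose_token_error(response: dict, manifest: dict) -> str:
    """Map the token endpoint's error JSON to the most likely fix, using the app manifest."""
    error = response.get("error")
    if error == "invalid_client" and not allows_personal_accounts(manifest):
        return (f"signInAudience is {manifest.get('signInAudience')!r}; set it to "
                "AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount "
                f"(correlation_id {response.get('correlation_id')})")
    if error == "invalid_client":
        return "check client_id and client_secret against the app registration"
    if error:
        return f"{error}: {response.get('error_description', '')}"
    return "no error in response"


if __name__ == "__main__":
    url, headers, body = build_token_request(
        "constructed-client-id", "constructed-secret", "constructed-code", "https://localhost:8080/callback")
    print(url, headers, body, sep="\n")
    print(diagnose_token_error(SAMPLE_ERROR_RESPONSE, SAMPLE_MANIFEST))
```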

Safaricom dashboard does not show all the test credentials

I am working on Safaricom Daraja API B2C but some of the required test credentials are not displayed in the Safaricom Dashboard.
As you can see above, the initiator name and security credentials are not provided yet they are needed in the B2C API call.
How do I get these credentials?
EDIT:
This question was asked before Safaricom upgraded to the new Daraja Dashboard. The problem has now been sorted
Apparently, for some reason unknown to us, Safaricom chose to hide the test credentials, and if you need them, you have to write them an email at apisupport#safaricom.co.ke and request the test credentials. You will get a response in less than an hour with shortcodes and initiators that you can use for testing.
Source -> https://survtechnologies.co.ke/get-test-credentials-safaricom-m-pesa-daraja-api/
The test credentials are on the simulator link; the bottom right redirects to the link.
Please try this with the new M-Pesa portal 2.0. It is straightforward.

Authorization request to get access on behalf of a user results in a 'cookiesDisabled' page

I'm trying to do an Authorization request following the documentation about it on Microsoft (Getting access on behalf of a user: https://learn.microsoft.com/en-us/graph/auth-v2-user). I'm making the request using Azure's Logic Apps. I already made an app registration in Azure AD and gave it the following permissions (I used the app for a few different requests before so that's why it contains a lot of unnecessary api permissions). I already succeeded in getting access without a user (https://learn.microsoft.com/en-us/graph/auth-v2-service). Now I really don't know what I'm doing wrong, so if anybody has an idea of what it is, please let me know. I will try to explain as carefully as possible using screenshots so you guys get the idea of what I'm trying to do.
On the first screen below you can see the API permissions I added to my app registration. For this request I'm only asking authorization for the one with the arrow next to it (as you will see later on).
On the second screen you can see the HTTP post request I'm trying to make to the authorize endpoint. I blurred out the Tenant and Client_id for privacy reasons. I only added the required parameters in the body as described by Microsoft. In the scope parameter you can see the api permission I'm asking permission for.
On the third screenshot you can see the output of the request. Instead of getting an Authorization code as requested, I get an HTML body.
When I paste that HTML body into a browser it gives me the following result:
I have no clue what I'm doing wrong. I triple-checked to make sure cookies are enabled, made sure third-party cookies are not disabled, and added login.microsoftonline to my trusted websites.
I'm starting to think I'm doing something very simple wrong, but I can't figure out exactly what. Any help is welcome! :D
Sorry, I can't add a comment, so I'm posting as an answer.
What you are trying to implement is the Authorization Code grant flow of OAuth 2.0. In the Authorization Code grant flow the following steps occur:
1) The user is presented with the scopes that an application requires when accessing certain resources.
2) The user authorizes this, and the user is redirected to a redirect URL.
3) The application then exchanges the code sent with the redirect URL to get the actual token, which in this case will be sent to the Microsoft Graph for validation.
4) The user then sees the information pulled.
The major crux of the Authorization Code grant flow is that "User Authorization is required". This basically means that this flow is used when the call is invoked from a browser client where the user is actually interacting. This flow should not go through Azure Logic Apps. If you want a service or a daemon to access the resources, in that case you should use the Client Credentials Grant flow.
