Last post Jul 20, 2020 05:02 PM by titusm2020
Jul 20, 2020 05:02 PM|titusm2020|LINK
We are working on an application that uses the LTI 1.3 specifications, which sits on top of the OpenId Connect 1.0 specification. The open id connect specs allow for initiating login from a 3rd party. https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.
Our use case is we don’t want a login screen to appear. We do not have any SelfAsserted technical profiles. We've done an OpenId Connect flow using the Identity Experience Framework (custom policies) up to the point where the 3rd party issues an id_token
and it’s posted to the Azure B2C url https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp
We have found out that the Azure B2C is not using the jwks_uri endpoint found in the .well-known/openid-configuration metadata endpoint that we specified in the TechnicalProfile.
The error that we are receiving is:
AADB2C90239: The provided token failed signature validation. Please provide another token and try again.
When I copy the id_token and use the jwks_uri endpoint from the 3rd party well-known endpoint that we specified in the TechnicalProfile to validate the token, it is a valid token.
What is Azure B2C using to validate the signature of the id_token posted to https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp?