
I followed this article where it explains how to implement a custom policy using Active Directory B2C. Everything is working great; the only concern I have is that the custom claim is returned like a serialized object. Let me explain a little bit better. I successfully created the Azure Function which returns the custom claim. The encoded resulting JWT is like the following (please focus on the "userPermissions" value):

{
  "exp": 1594560277,
  "nbf": 1594556677,
  "ver": "1.0",
  "auth_time": 1594556677,
  "userPermissions": "{\r\n \"permissions\":\"test1\"\r\n}" <============= HERE
}

As you can see, the "userPermissions" claim is "serialized JSON". I would like to have a JWT like the following:

{
  "exp": 1594560277,
  "nbf": 1594556677,
  "ver": "1.0",
  "auth_time": 1594556677,
  "userPermissions": "test1" <============ HERE
}

As you can see, "test1" is a simple string. You may think: come on BrianEnno! This is very simple; instead of returning "serialized JSON" your Azure Function should return a "string". Well, if I try to return a (well-formed) string I receive this error:

ServerError: AADB2C90261: The claims exchange 'GetPermissions' specified in step '4' returned HTTP error response that could not be parsed.

Is there a way to make it work?

brian enno
  • Can you share the exact JSON payload that your API responds with to B2C? – Jas Suri - MSFT Jul 12 '20 at 18:08
  • yes, this is the payload: – brian enno Jul 12 '20 at 19:35
  • { "exp": 1594585690, "nbf": 1594582090, "ver": "1.0", "iss": "https://fakeurl.b2clogin.com/fcac6c6c-f834-43bb-a6b4-a34bc4e22f45/v2.0/", "sub": "39503f-452c-987c-354bc32409ab", "aud": "240294b2ee1-81f3-720cba6a5afd", "acr": "b2c_1a_pp_signup_signin", "nonce": "240294b2-a4df-81f3-987c-720cba6a5afd", "iat": 1594582090, "auth_time": 1594582090, "name": "xxxxxx", "given_name": "yyyyyy", "family_name": "zzzzzzz", "userPermissions": "{\r\n \"permissions\": \"prova1,prova2\",\r\n \"appType\": \"pp\",\r\n }", "tid": "240294b2ee1-81f3-720cba6a5afd" } – brian enno Jul 12 '20 at 19:36
  • B2C can’t deserialise the claim in the JSON you send back; each key/value pair in the JSON is treated as a string, string collection or Boolean. You have to deserialise the string at the API, or return a proper nested JSON object without the escape chars. – Jas Suri - MSFT Jul 12 '20 at 21:08

1 Answer

using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

[HttpGet]
public async Task<JsonResult> Groups(string objectId)
{
    string userPermissions = "test1";

    // !!!!! This is the trick: if I sent plain JSON I got the error.
    // Wrapping the value in an anonymous object makes the response body a JSON
    // object whose "userPermissions" property is a plain string, so B2C can
    // map it straight onto the output claim instead of receiving escaped JSON.
    JsonResult o = new JsonResult(
        new
        {
            userPermissions
        });

    return o;
}
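As an added example that is not part of the question, the answer, or any Microsoft code: the script below reproduces the double-encoding symptom described in the question and checks a claims-exchange response body against the rules stated in the MSFT comment above (top-level JSON object; every value a string, a Boolean, or a list of strings). It also shows the "deserialise the string at the API" fix by lifting the fields of a double-encoded value to the top level. Python is used only because the check is language-neutral; the sample payloads are constructed, and the rule set is taken from the comment rather than from any official B2C schema.

```python
import json

# Constructed sample response bodies (not from the original post).
# BAD_PAYLOAD has the shape the question complains about: the claim value is
# itself a serialized JSON document, so B2C sees one string with escape chars.
BAD_PAYLOAD = '{"userPermissions": "{\\r\\n \\"permissions\\":\\"test1\\"\\r\\n}"}'
# GOOD_PAYLOAD uses only the value types the MSFT comment lists:
# string, Boolean, string collection.
GOOD_PAYLOAD = ('{"userPermissions": "test1", "appType": "pp", '
                '"roles": ["reader", "writer"], "isAdmin": false}')


def double_encode(claims: dict) -> str:
    """Reproduce the bug: serializing the claims first and then placing that
    string into the response object encodes the JSON twice."""
    return json.dumps({"userPermissions": json.dumps(claims, indent=1)})


def encode_claims(claims: dict) -> str:
    """Serialize a claims dict exactly once, as the API should."""
    return json.dumps(claims)


def _looks_like_json_container(value: str) -> bool:
    """True if a string value is itself a JSON object or array."""
    stripped = value.strip()
    if not stripped.startswith(("{", "[")):
        return False
    try:
        json.loads(stripped)
    except json.JSONDecodeError:
        return False
    return True


def check_b2c_claims_payload(body: str) -> list:
    """Return the problems found in a claims-exchange response body.

    Rules (assumed from the MSFT comment on this page): the body must be a
    JSON object, and every value must be a string, a Boolean or a list of
    strings. A string that parses as a JSON object/array is reported as
    double-encoded, which is the symptom described in the question.
    """
    try:
        payload = json.loads(body)
    except json.JSONDecodeError as exc:
        return ["body is not valid JSON: %s" % exc.msg]
    if not isinstance(payload, dict):
        return ["top-level JSON value must be an object"]

    problems = []
    for key, value in payload.items():
        if isinstance(value, bool):
            continue
        if isinstance(value, str):
            if _looks_like_json_container(value):
                problems.append("%s: value is a serialized JSON document (double-encoded)" % key)
            continue
        if isinstance(value, list) and all(isinstance(v, str) for v in value):
            continue
        problems.append("%s: unsupported value type %s; use string, boolean or list of strings"
                        % (key, type(value).__name__))
    return problems


def _as_claim_value(value):
    """Coerce a parsed inner value into something B2C can map to a claim."""
    if isinstance(value, (str, bool)):
        return value
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    return json.dumps(value)  # numbers or nested containers become a string claim


def flatten_double_encoded(body: str) -> dict:
    """Fix on the API side: parse each double-encoded string value and lift its
    fields to the top level, so each one becomes a plain claim."""
    fixed = {}
    for key, value in json.loads(body).items():
        if isinstance(value, str) and _looks_like_json_container(value):
            inner = json.loads(value)
            if isinstance(inner, dict):
                for inner_key, inner_value in inner.items():
                    fixed[inner_key] = _as_claim_value(inner_value)
            else:
                fixed[key] = _as_claim_value(inner)
        else:
            fixed[key] = value
    return fixed


if __name__ == "__main__":
    print("bad:", check_b2c_claims_payload(BAD_PAYLOAD))
    print("good:", check_b2c_claims_payload(GOOD_PAYLOAD))
    print("fixed:", encode_claims(flatten_double_encoded(BAD_PAYLOAD)))
```

Running the script reports the double-encoded "userPermissions" value in the bad payload, nothing for the good one, and prints the flattened body `{"permissions": "test1"}`. The same check can be dropped into an integration test for the REST technical profile so that a regression back to "serialize, then serialize again" is caught before B2C reports AADB2C90261.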