I am using B2C custom policies to federate to the external Azure AD identity provider. I was successful before when federating with client secrets, but I am trying to switch to certificates now and getting the error "No url encoding for asymmetric keys". Here is what I did as a proof of concept:
- Generated a new self-signed certificate in Azure Key Vault
- Exported it into the .pfx and .cer files.
- In B2C created a Policy key and uploaded the .pfx certificate there
- In custom policy referenced that policy key
<CryptographicKeys>
    <Key Id="client_secret" StorageReferenceId="B2C_1A_MyB2CPolicy" />
</CryptographicKeys>
- In Azure AD app registration under Certificates and Secrets uploaded the .cer file (with public key)
- Tried to connect using MSAL.js
- Received a "server error" with a correlation id, which in App Insights shows up as
{
    "Key": "SendErrorTechnicalProfile",
    "Value": "OpenIdConnectProtocolProvider"
},
{
    "Key": "Exception",
    "Value": {
        "Kind": "Handled",
        "HResult": "80131500",
        "Message": "An invalid OAuth response was received: \"{0}\".",
        "Data": {
            "IsPolicySpecificError": false
        },
        "Exception": {
            "Kind": "Handled",
            "HResult": "80131515",
            "Message": "No url encoding for asymmetric keys",
            "Data": {}
        }
    }
}
What am I doing wrong? Do I need to convert the certificates to another format before uploading? Perhaps .pem? The problem is, there is no documentation I could find on this anywhere.