I have been trying to add an OAuth2.0 custom policy for Azure AD B2C to connect with an external IdP (DocCheck).
The same policy also has a Google claims provider, which is working. I have verified the ClientId and ClientSecret against the DocCheck app registration, and the redirect URL also looks correct.
This is the claims provider configuration for DocCheck:
<!-- Claims provider technical profile for signing in through DocCheck over plain OAuth2
     (not OpenID Connect: there is no id_token, so user attributes come from ClaimsEndpoint).
     Values shown as asterisks (client_id, authorization_endpoint path segment) are redacted in this listing. -->
<TechnicalProfile Id="docCheck-OAUTH2">
<DisplayName>DocCheck</DisplayName>
<Protocol Name="OAuth2" />
<Metadata>
<Item Key="ProviderName">login.doccheck.com</Item>
<!-- Key casing differs from AccessTokenEndpoint/ClaimsEndpoint but matches the key names B2C documents for the OAuth2 protocol, so it is not itself a typo.
     The masked path segment is the DocCheck login-template id and is redacted here. -->
<Item Key="authorization_endpoint">https://login.doccheck.com/code/de/************/fullscreen_dc/</Item>
<!-- The token request to this endpoint is known to succeed with the same code/client id/secret from Postman;
     NOTE(review): if DocCheck answers with a non-JSON body (e.g. form-encoded), B2C needs the response format declared (AccessTokenResponseFormat), so compare the raw Postman response with what this profile expects. -->
<Item Key="AccessTokenEndpoint">https://login.doccheck.com/service/oauth/access_token/</Item>
<!-- Called with the access token after the code exchange; the OutputClaims below are read from its response.
     NOTE(review): AADB2C90289 is a generic wrapper error that also covers a failing claims request, so this call is a candidate to verify separately with the token obtained in Postman. -->
<Item Key="ClaimsEndpoint">https://login.doccheck.com/service/oauth/user_data/</Item>
<!-- presumably applies to the token and claims requests made by B2C; confirm the claims endpoint accepts POST. -->
<Item Key="HttpBinding">POST</Item>
<!-- <Item Key="scope">email profile openid</Item> -->
<!-- <Item Key="response_types">code</Item>
<Item Key="response_mode">query</Item> -->
<!-- Access token is sent to ClaimsEndpoint as "Authorization: Bearer" rather than as a query-string parameter, which keeps it out of server logs on the IdP side. -->
<Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
<!-- Client secret is sent in the POST body of the token request instead of an HTTP Basic header. -->
<Item Key="token_endpoint_auth_method">client_secret_post</Item>
<!-- Leftover from an eBay sample; remove once the profile is finalized so it is not re-enabled by mistake. -->
<!-- <Item Key="scope">https://api.ebay.com/oauth/api_scope/commerce.identity.readonly</Item> -->
<!-- 0: the redirect URI B2C sends omits the policy name. The redirect URI registered at DocCheck must match that exact form; TODO confirm against the app registration. -->
<Item Key="UsePolicyInRedirectUri">0</Item>
<Item Key="client_id">**********</Item>
</Metadata>
<CryptographicKeys>
<!-- Secret is referenced from the B2C policy key container, not stored inline in the policy XML. -->
<Key Id="client_secret" StorageReferenceId="B2C_1A_DocCheckSecret" />
</CryptographicKeys>
<!-- <InputClaims> -->
<!-- <InputClaim ClaimTypeReferenceId="access_type" PartnerClaimType="access_type" DefaultValue="offline" AlwaysUseDefaultValue="true" /> -->
<!-- The refresh_token is return only on the first authorization for a given user. Subsequent authorization request doesn't return the refresh_token.
To fix this issue we add the prompt=consent query string parameter to the authorization request-->
<!-- <InputClaim ClaimTypeReferenceId="prompt" PartnerClaimType="prompt" DefaultValue="consent" AlwaysUseDefaultValue="true" /> -->
<!-- </InputClaims> -->
<OutputClaims>
<!-- PartnerClaimType values are the field names expected in the ClaimsEndpoint JSON response; "id" feeds the alternative security id below. -->
<OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="id" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="address_name_first" />
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="address_name_last" />
<!-- displayName is set from the first name only (same source as givenName); confirm this is intended rather than a concatenation. -->
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="address_name_first" />
<!-- NOTE(review): "docheck.com" (one c) does not match ProviderName "login.doccheck.com" above. This value is what gets stored with the user's identity, so an inconsistent spelling is hard to correct later; verify the intended value. -->
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="docheck.com" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
<!-- The unit test's claims-->
<!-- These copy the raw IdP tokens into the claims bag for testing. The refresh token in particular is a long-lived credential:
     make sure none of them are listed as output claims of the relying-party profile, and drop them once testing is done. -->
<OutputClaim ClaimTypeReferenceId="oauth2Access_token" PartnerClaimType="{oauth2:access_token}" />
<OutputClaim ClaimTypeReferenceId="oauth2Expires_in" PartnerClaimType="{oauth2:expires_in}" />
<OutputClaim ClaimTypeReferenceId="oauth2Refresh_token" PartnerClaimType="{oauth2:refresh_token}" />
<OutputClaim ClaimTypeReferenceId="oauth2Token_type" PartnerClaimType="{oauth2:token_type}" />
</OutputClaims>
<!-- Same transformation chain as the other social providers in this policy (referenced by id; defined elsewhere in the policy). -->
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
</TechnicalProfile>
I am getting the following error:
AADB2C90289: We encountered an error connecting to the identity provider. Please try again later. Correlation ID: 188d934d-f1f0-48c5-98c4-917b032b94d2 Timestamp: 2019-11-29 10:54:49Z
I followed this documentation.
Calling the AccessTokenEndpoint directly from Postman with the code returned from the authorization endpoint and the same client ID and secret, I am able to get the token.