[QUESTION] Implementing Password reset flow in Azure B2C
Hi,
I'm using SignInSignUp policy in Azure, my page is developed in React. Login/Register/Logout works fine.
When user is logged in, browser redirects to redirect.html, which has hello.js script included, and then I'm redirected back to calling page.
This works fine.
However, as per documentation for password reset:
Instead, the error code AADB2C90118 is returned to your app. Your app needs to handle this error code by invoking a specific password reset policy.
Does this mean that, in redirect.html page I need to create some JavaScript, which will check error_code (provided in url) and then invoke password reset policy? Is this correct flow or am I missing something?
@bolicd HelloJS handles OAuth2 errors outlined in https://tools.ietf.org/html/rfc6749#section-5.2.
You can look at the errors by assigning an errorHandler on the catch i.e. hello('azure').login().catch(errorHandler)
I hope that helps.
@MrSwitch
Thanks. I will try it, think it should work. Will let you know
Still unable to solve this. :(
Hellojs is able to pick up user session changes. Therefore I am able to log in, and when logged in I am able to use:
    hello.on('auth.login', function (response) {
        console.log('on auth login');
    });
This does work. However,
    login() {
        let hello = window.hello;
        hello(config.AZURE_PROFILE)
            .login(
                {
                    display: 'page',
                    force: true,
                    redirect_uri: '/static/redirect.html'
                }
            ).catch(function (error) {
                console.log('error');
            })
    }
Catch is never run in this example.
Same with:
    login() {
        let hello = window.hello;
        hello(config.AZURE_PROFILE)
            .login(
                {
                    display: 'page',
                    force: true,
                    redirect_uri: '/static/redirect.html'
                }
            ).then(function() {
                alert('You are signed in to Facebook');
            }, function(e) {
                alert('Signin error: ' + e.error.message);
            });
    }
Then or error handler are never run.
I'm guessing the issue is with the way redirect works, since it seems like hellojs is unable to pick up query url error that it gets back from Azure. This is the content(URL decoded) of redirect i get from azure when clicking on password forgot link, which is sent back to redirect.html, but not processed correctly it seems:
http://localhost:3000/static/redirect.html#error=access_denied&error_description=AADB2C90118: The user has forgotten their password.
Correlation ID: 5c71652c-3991-4fe9-a39f-5e574c01c173
Timestamp: 2017-07-18 14:33:17Z
&state={"client_id":"123456789101112131415","network":"adB2CSignInSignUp","display":"page","callback":"_hellojs_b6sb13jr","state":"","redirect_uri":"http://localhost:3000/static/redirect.html","scope":"openid,https://testapp.onmicrosoft.com/testapp/read","page_uri":"http://localhost:3000/"}
But then it's redirected back to localhost:3000 which does full page refresh and my hellojs.init() is run again.
Any suggestions on this would be greatly appreciated :)
Thank you
Just found that redirect.html hello.js will populate session storage (localStorage). Guess I can just check localStorage when app starts and if there's an error code for password reset call login('passResetFlow').
I'm facing the same issue.
The json in local storage after the redirect looks as follows:
    {
        "adB2CSignInSignUp": {
            "error": {
                "code": "access_denied",
                "message": "AADB2C90118:+The+user+has+forgotten+their+password.\r\nCorrelation+ID:+3f341530-ed9a-4546-a646-2e2ac3e3b43d\r\nTimestamp:+2017-07-25+19:29:24Z\r\n"
            },
            "error_description": "AADB2C90118:+The+user+has+forgotten+their+password.\r\nCorrelation+ID:+3f341530-ed9a-4546-a646-2e2ac3e3b43d\r\nTimestamp:+2017-07-25+19:29:24Z\r\n",
            "state": "",
            "client_id": "da7caa3a-739c-436c-a32b-b428d3e8c043",
            "network": "adB2CSignInSignUp",
            "display": "page",
            "redirect_uri": "https://localhost:44369/redirect",
            "scope": "openid,https://foobar.onmicrosoft.com/foobarapi/use",
            "page_uri": "https://localhost:44369"
        }
    }
@MrSwitch : how come the error handler of hello.js doesn't trigger on this?
@bolicd @thomasdc can you share your config (without anything sensitive) for azure?
I'm trying to login and getting:
{"azure":{"error":{"code":"invalid_resource","message":"AADSTS50001:+Resource+identifier+is+not+provided.\r\nTrace+ID:+1325f2c9-c5b6-486a-b1d6-ea63c27d2000\r\nCorrelation+ID:+32e9cbee-5d41-4e5b-9e67-b87821f25b6a\r\nTimestamp:+2017-08-06+01:27:03Z"},"error_description":"AADSTS50001:+Resource+identifier+is+not+provided.\r\nTrace+ID:+1325f2c9-c5b6-486a-b1d6-ea63c27d2000\r\nCorrelation+ID:+32e9cbee-5d41-4e5b-9e67-b87821f25b6a\r\nTimestamp:+2017-08-06+01:27:03Z","state":"","client_id":"2feff992-96e6-4420-86a4-1e25348a6d09","network":"azure","display":"popup","redirect_uri":"http://localhost:8080/","scope":"basic"}}
tbh, I'm not really sure how to specify resource-id via hello config
@tony-kerz we shouldn't hack a hellojs issue with azure b2c related questions. Please ask them on the appropriate forums such as stackoverflow.
@bolicd @thomasdc - Thanks for your post. I was able to trap the error using local storage. Can you share your code that you use to invoke the password reset with Azure and Hello.js - This particular issue isn't well documented.
@LTrain
Hey, here it is, it's just parsing content of localStorage and invoking pass reset profile if needed:
    if (localStorage && localStorage.getItem('hello')) {
        let helloState = JSON.parse(localStorage.getItem('hello').toString());
        let azureProfileName = config.AZURE_PROFILE;
        let helloUserSession = helloState[azureProfileName];
        if (helloUserSession && helloUserSession.error && helloUserSession.error.message) {
            // check for error code
            const msg = helloUserSession.error.message;
            if (msg) {
                if (msg.indexOf('AADB2C90118') !== -1) {
                    // start pass reset by invoking hello(PASS_RESET_POLICY)
                }
            }
        }
    }
We are already trapping the 'AADB2C90118' error. What I'm looking for is this piece:
// start pass reset by invoking hello(PASS_RESET_POLICY)
What is the value of PASS_RESET_POLICY? Is that a policy ID from our B2C configuration?
And thank you BTW!
PASS_RESET_POLICY is the id of your pass reset policy on azure. Same way you created SignInSignUp policy there should be blade to create pass reset policy, and you should supply that value here.
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-policies#create-a-password-reset-policy
Ah perfect.
Thanks for your help that did the trick.
Hi
@bolicd there is a little confusion in how you're using display:page. Any hello.login promise with this option, i.e. .then(success, fail) handlers, won't be resolved as the entire window gets rewritten by navigation.
To handle the errors on the final page after this auth flow, you're doing precisely the right thing by inspecting the localStorage.
This library is deficient in notifying errors. I've put this in the ticket #541 to add 'auth.error' event dispatches. Similar to how hello.on('auth.login', handler) would work and mentioned above.
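Added example, not part of the thread and not hello.js code: a startup check for the localStorage approach discussed above that matches the AADB2C90118 code strictly and clears the stored error so a page reload does not restart the reset flow. The `cfg` field names, the helper names and clearing the entry by rewriting the `hello` key are assumptions; the reset policy is assumed to be registered as its own hello.js network.

```javascript
// Added example: names marked "assumed" are not from the thread.
const RESET_CODE = 'AADB2C90118';          // code quoted in the thread

// error.message arrives form-encoded ('+' for spaces, CRLF-separated lines).
// The redirect fragment can be supplied by any link, so take the code only
// from the start of the first line and never render the message as HTML.
function b2cErrorCode(message) {
  if (typeof message !== 'string') return null;
  const firstLine = message.replace(/\+/g, ' ').split(/\r?\n/)[0];
  const m = /^(AADB2C\d{5}):/.exec(firstLine);
  return m ? m[1] : null;
}

// Read the 'hello' storage entry, return the pending error code for
// `network`, and clear it so a reload does not restart the reset flow.
function takePendingError(storage, network) {
  let state;
  try {
    state = JSON.parse(storage.getItem('hello') || '{}');
  } catch (e) {
    return null;                            // corrupted entry: treat as no error
  }
  const session = state && state[network];
  if (!session || !session.error || session.error.code !== 'access_denied') return null;
  const code = b2cErrorCode(session.error.message);
  delete session.error;
  delete session.error_description;
  storage.setItem('hello', JSON.stringify(state));
  return code;
}

// Call once at app start. `hello` is window.hello; `cfg` fields are assumed.
function resumeAuth(storage, hello, cfg) {
  const code = takePendingError(storage, cfg.signInNetwork);
  if (code !== RESET_CODE) return code ? 'error:' + code : 'none';
  hello(cfg.resetNetwork).login({ display: 'page', redirect_uri: cfg.redirectUri });
  return 'password_reset';
}

// Constructed in-memory storage mirroring the JSON shape posted in the thread.
function sampleStorage(message) {
  const data = { hello: JSON.stringify({ adB2CSignInSignUp: {
    error: { code: 'access_denied', message }, error_description: message } }) };
  return { getItem: k => (k in data ? data[k] : null),
           setItem: (k, v) => { data[k] = String(v); } };
}
```

In the browser this would be called as `resumeAuth(window.localStorage, window.hello, cfg)` after `hello.init`.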