Hardcoding of ROPC user flow name
Closed this issue · 1 comments
We ran into 401 Unauthorized issues via our mobile app due to our ROPC user flow name not being the same as what is hardcoded in DotNetNuke.Authentication.Azure.B2C.Components->GetConfig(). Our flow name was B2C_1_MobileApp_ROPC. Going through the source code and looking at the DNN log helped tracked down the issue. Creating a new flow with that name resolved the issue.
// TODO Set the ROPC policy name in a configuration setting
var ropcPolicyName = "B2C_1_ROPC";
The relevant DNN log entry (\Portals_default\Logs\YYYY.MM.DD.log.resources):
2020-02-13 12:07:08.335-06:00 [DMZWeb03][D:47][T:77][ERROR] DotNetNuke.Authentication.Azure.B2C.Auth.B2CAuthMessageHandler - Unexpected error in authenticating the user. System.AggregateException: One or more errors occurred. ---> System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
Bottom line: make sure you have a "B2C_1_ROPC" user flow to match the hardcoded value.