loading...

Supplemental explanation about authenticating Users in Xamarin.Forms apps with Azure Active Directory B2C (AD B2C)

muak_x profile image Kamu ・2 min read

This article supplementary describes the article of Authenticating Users with Azure Active Directory B2C.

The most referential sample project

As there are too many similar sample projects, I had difficulty knowing it, but I managed to find the following sample.

https://github.com/xamarin/xamarin-forms-samples/tree/master/WebServices/TodoAzureAuthADB2CClientFlow

This is the very referential sample project.

The issue that a password reset link doesn't work.

Though there is a password reset page link at AD B2C local account login form, an exception occurs when tapping this link, and the password reset page can't be transitioned to.

This issue can be solved by catching the exception and judging the error message.

public async Task<bool> LoginAsync()
{
    AuthenticationResult authResult = null;

    try
    {
        authResult = await _client.AcquireTokenAsync(
            Scopes,
            GetUserByPolicy(_client.Users, PolicySignUpSignIn),
            UIParent
        );
    }
    catch (MsalException msalex)
    {
        // As an exception contains the following message occurs when tapping the password reset link,
        // identifing the exception by the message, password reset page is jumped to.
        if (msalex.Message.Contains("AADB2C90118"))
        {
            try
            {
                // If calling no delay, AquireTokenAsync doesn't sometimes return a result forever
                // It is avoided by a few delays is set.
                await Task.Delay(500); // very important! 
                authResult = await _client.AcquireTokenAsync(
                    Scopes,
                    _client.Users.FirstOrDefault(),
                    UIBehavior.SelectAccount,
                    "",
                    new string[] { },
                    ResetAuthority, // https://login.microsoftonline.com/tfp/your_tenant/your_resetpassword_policy
                    UIParent
                );
            }
            catch (MsalException msalex)
            {
                if (msalex.ErrorCode == "authentication_canceled")
                {
                    Debug.WriteLine("password reset user_cancel");
                }
                return false;
            }            
        }

        else if(msalex.ErrorCode == "authentication_canceled" ){
            return false;
        }

        else {
            Debug.WriteLine($"Error Acquire Token: {msalex}");
            throw msalex;
        }        
    }
    catch(Exception ex)
    {
        throw ex;
    }

    if(authResult == null){
        return false;               
    }

    return true;
}

Note that a few delays should be set before calling AcquireTokenAsync method to call the password reset page.

Posted on by:

Discussion

markdown guide