What url does the .well-known/openid-configuration endpoint move to when using b2clogin?
@chrift
Thanks for your feedback! We will investigate and update as appropriate.
What do you mean by where it moves to?
It will look like:
https://
@davidmu1 do you have insights for this?
@chrift I am closing this out for now since I have not heard back yet. I hope this helps but if this does not fully answer your question or you have further queries, please leave a comment and I will gladly continue the discussion. Also feel free to leave a post on MSDN. https://social.msdn.microsoft.com/Forums/en-US/home
@chrift @MarileeTurscak-MSFT I received this from the PM this morning:
It depends on which one they are referring to. If they need the AAD version, it stays on login.microsoftonline.com. For B2C it will be https://your-tenant-name.b2clogin.com/tfp/your-tenant-ID/policyname/v2.0/.well-known/openid-configuration
The key thing here is to realize that the b2c config endpoint has a reference to a policy in it, otherwise it’s likely AAD.
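The PM's two rules put into code, as an added example that is not code from the thread or from Microsoft (the helper names are mine): `b2c_discovery_url` assembles the b2clogin.com metadata URL from its segments, `is_b2c_discovery_url` applies the "it has a policy in it" test to tell a B2C metadata URL from an AAD one, and `check_b2c_metadata` validates a fetched discovery document the way a relying party should before trusting the endpoints it advertises. The sample document is the one posted for the contosotenant tenant later in this thread, cut to the keys shown there. The second path segment defaults to the tenant's onmicrosoft.com domain because that is the form the thread shows working; a tenant GUID is accepted but the page does not confirm it.

```python
"""Build the Azure AD B2C discovery URL and sanity-check the metadata it returns.

Added example for this thread; not code from the thread or from Microsoft.
"""
import json
from typing import Optional
from urllib.parse import urlparse

AAD_HOST = "login.microsoftonline.com"
B2C_HOST_SUFFIX = ".b2clogin.com"
WELL_KNOWN = "/v2.0/.well-known/openid-configuration"


def b2c_discovery_url(tenant_name: str, policy: str, tenant: Optional[str] = None) -> str:
    """B2C discovery URL on b2clogin.com for one policy (user flow).

    `tenant` is the segment after /tfp/: the thread's working example uses the
    tenant's onmicrosoft.com domain (the default here); the PM's template calls
    it the tenant ID, so a GUID may be passed instead (assumption, not shown
    working on the page). Assembling from segments instead of concatenating an
    authority string that may already end in '/v2.0' avoids '/v2.0/v2.0/' paths.
    """
    tenant = tenant or f"{tenant_name}.onmicrosoft.com"
    return f"https://{tenant_name}{B2C_HOST_SUFFIX}/tfp/{tenant}/{policy}{WELL_KNOWN}"


def aad_discovery_url(tenant: str) -> str:
    """Plain Azure AD (not B2C) discovery URL; it stays on login.microsoftonline.com."""
    return f"https://{AAD_HOST}/{tenant}{WELL_KNOWN}"


def is_b2c_discovery_url(url: str) -> bool:
    """The PM's rule: a B2C metadata URL references a policy, an AAD one does not.

    User flows are always named 'B2C_1_...'; custom policies are 'B2C_1A_...' by
    the starter-pack convention (assumption: a custom policy could be named
    differently). The comparison is case-insensitive.
    """
    segments = [s for s in urlparse(url).path.split("/") if s]
    return any(s.lower().startswith(("b2c_1_", "b2c_1a_")) for s in segments)


def check_b2c_metadata(metadata: dict, tenant_name: str, policy: str) -> list:
    """Return the problems found in a discovery document fetched for tenant_name/policy.

    A client that trusts whatever endpoints the metadata advertises is only as safe
    as the document it received, so before caching it: every endpoint must be HTTPS
    on the tenant's own b2clogin.com host, every endpoint except the issuer must
    name the policy that was requested, and the issuer (which ID tokens' `iss` claim
    must later match exactly) must be on the same host.
    """
    expected_host = f"{tenant_name}{B2C_HOST_SUFFIX}".lower()
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint",
                "end_session_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if not value:
            problems.append(f"{key}: missing")
            continue
        parsed = urlparse(value)
        if parsed.scheme != "https":
            problems.append(f"{key}: not https ({value})")
        if (parsed.hostname or "").lower() != expected_host:
            problems.append(f"{key}: host {parsed.hostname!r} is not {expected_host!r}")
        if key != "issuer" and policy.lower() not in parsed.path.lower():
            problems.append(f"{key}: does not reference policy {policy!r}")
    return problems


# Sample input: the discovery document posted in this thread for the contosotenant
# tenant, cut to the keys shown there (the thread truncates it with "...").
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://contosotenant.b2clogin.com/c64a4f7d-3091-4c73-a722-a3f0694f60b7/v2.0/",
  "authorization_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize",
  "token_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/token",
  "end_session_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/logout",
  "jwks_uri": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/discovery/v2.0/keys",
  "response_modes_supported": ["query", "fragment", "form_post"]
}""")


if __name__ == "__main__":
    url = b2c_discovery_url("contosotenant", "B2C_1_signupsignin1")
    print("B2C metadata URL:", url, "| B2C?", is_b2c_discovery_url(url))
    print("AAD metadata URL:", aad_discovery_url("contoso.onmicrosoft.com"),
          "| B2C?", is_b2c_discovery_url(aad_discovery_url("contoso.onmicrosoft.com")))
    print("Problems in sample:", check_b2c_metadata(SAMPLE_METADATA, "contosotenant", "b2c_1_signupsignin1"))
    # A document whose jwks_uri was swapped for another host must be rejected,
    # or the client would verify token signatures against someone else's keys.
    tampered = dict(SAMPLE_METADATA, jwks_uri="https://attacker.example/keys")
    print("Problems in tampered:", check_b2c_metadata(tampered, "contosotenant", "b2c_1_signupsignin1"))
```

The host check is the one that matters in practice: a relying party that resolves `jwks_uri` from metadata without pinning it to the expected issuer host will happily verify tokens against whatever key set it is pointed at.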
Hi @davidmu1, is https://your-tenant-name.b2clogin.com/tfp/your-tenant-ID/policyname/v2.0/.well-known/openid-configuration still the correct endpoint for B2C? When I navigate to it, I'm getting "site can't be reached", and when I use that in my B2C app, it is not redirecting to Azure.
Does tenant-ID mean tenant-name.onmicrosoft.com or the AD directory ID, etc.? Though neither is working for me.
@alamfsmb You don't give any specifics about what isn't working, but when I use this URL, which contains the name of the B2C tenant:
https://contosotenant.b2clogin.com/tfp/contosoTenant.onmicrosoft.com/B2C_1_signupsignin1/v2.0/.well-known/openid-configuration
I get information back about the endpoints available for the tenant:
```json
{
  "issuer": "https://contosotenant.b2clogin.com/c64a4f7d-3091-4c73-a722-a3f0694f60b7/v2.0/",
  "authorization_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize",
  "token_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/token",
  "end_session_endpoint": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/logout",
  "jwks_uri": "https://contosotenant.b2clogin.com/contosotenant.onmicrosoft.com/b2c_1_signupsignin1/discovery/v2.0/keys",
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  ...
```
@davidmu1 Sorry, I meant the URL combinations I tried were not returning the information about the available endpoints like you showed. I'm either getting a 404 or "This site cannot be reached".
Not sure if your example is a valid tenant url or not, but I was getting a 404 server error for that url too.
I just tried my other B2C tenants, and the url following that pattern is returning the endpoint information for 1 out of 3 of them. Do you know of any Azure B2C settings that must be enabled for the b2clogin to work?
@davidmu1 Nevermind, it seems to be a network issue on my end. It'll work off my org's network.
Thanks for your response.
This comment is rather removed in time from the beginning of this thread, but:
When I try the contoso URL given above by davidmu1 (see URL below), I get a 404 "not found" error. I also get this error when I remove the "/tfp/" in the URL (in the AD B2C portal, when viewing the endpoints for the app registrations, there is no "tfp" in the URL).
I am writing this comment because I am currently unable to access this OpenID Connect endpoint for my own application. It looks like I am having exactly the same issue as alamfsmb.
I'm getting the exact same thing. Creating a policy in one directory, this format of URL returns the openid configuration: https://contosotenant.b2clogin.com/tfp/contosoTenant.onmicrosoft.com/B2C_1_signupsignin1/v2.0/.well-known/openid-configuration
Exact same steps in another directory and that url format fails with 404. What is going on?
Any ideas why I would get redirected to B2C_1_signupsignin1/v2.0/v2.0/.well-known/openid-configuration instead ?