Hey everyone, I've been dealing with a frustrating issue related to user sign-ins from our identity provider, Azure ADB2C, into a low code/no code platform for almost a year now. After users sign in, they are supposed to be redirected to this front-end platform, where a JWT is verified for authentication. However, about 1-2% of our users are unable to complete the sign-in process; they just get stuck in a loop and are sent back to start over. The front-end provider suggests the problem lies in the token being unreadable. I need help troubleshooting this! I have HAR files, but I'm struggling to extract and view the JWT properly. I even had success with this before but can't remember how I did it. Can anyone guide me on what might be wrong or how to locate the JWT I need to decode in order to validate it? Appreciate any insights!
4 Answers
Thanks for the detailed info! From what you've shared, it sounds like you're indeed using ROPC if you're requesting username/password and sending an OTP as validation. Regarding the "state=" values you're seeing, it seems that the one starting with "ey" might not be the correct JWT, as valid tokens typically consist of multiple segments separated by periods. If the vendor indicates issues with the "cb?state=" token, it might just be a nonce or correlation value and not a JWT at all. Keep in touch with Microsoft support; they might spot what's off. You're not alone in this!
Just a heads up, saying 'JWT token' is a bit redundant since JWT stands for JSON Web Token. It's like saying 'ATM machine'—you get what I mean? But let's focus on your issue!
True, but clarity matters! Everyone understands JWT token and it won’t confuse anyone in this context. Back to the issue—make sure you've recorded the right tokens and extract them properly next time. Just keep asking questions in this forum as you learn more!
I've worked extensively with ADB2C! To help troubleshoot, could you provide more details? What authentication flow are you using, like Standard PKCE or ROPC? Also, are there any non-default settings enabled in your flow? Understanding the steps of your front-end setup and authentication process could shed light. If you're using ROPC, make sure you capture tokens during the auth flow correctly, as modern browsers may clear logs during redirects. Have you considered asking the front-end provider for a sample token to analyze offline? That might give you clues about what's going wrong.
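For the practical part of the question (pulling the token out of a HAR and decoding it) and the point made in the first answer (an "ey" value is only a JWT if it has three dot-separated segments), here is an added example written for this thread; it is not code from the original poster, the front-end vendor or Azure AD B2C. It walks a HAR capture, flags every "ey..." candidate in URLs, headers, form fields and bodies, classifies each as a real JWT or an opaque value, and decodes the header and claims without verifying the signature. The HAR entries, the client id, the issuer URL and the HS256 secret are all constructed so the script runs offline; real B2C tokens are RS256-signed and must be verified against the keys at the policy's `jwks_uri`, which this script does not do.

```python
import base64
import hashlib
import hmac
import json
import re
import time

# "ey" is base64url for '{"', so JSON-headed tokens start with it; only a
# three-segment match (header.payload.signature) can actually be a JWT.
CANDIDATE_RE = re.compile(r"(?<![A-Za-z0-9_-])ey[A-Za-z0-9_-]{8,}(?:\.[A-Za-z0-9_-]*){0,2}")


def b64url_decode(seg: str) -> bytes:
    """JWT segments drop the '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def classify(candidate: str) -> str:
    """'jwt' when header and payload are JSON objects in a 3-segment string, else 'opaque'."""
    parts = candidate.split(".")
    if len(parts) != 3:
        return "opaque"  # e.g. a state or nonce that merely happens to start with "ey"
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError
        return "opaque"
    return "jwt" if isinstance(header, dict) and isinstance(claims, dict) else "opaque"


def har_strings(har: dict):
    """Yield (location, text) for each place in a HAR entry where a token can appear."""
    for i, entry in enumerate(har["log"]["entries"]):
        req, resp = entry.get("request", {}), entry.get("response", {})
        yield f"entry {i} request url", req.get("url", "")
        for h in req.get("headers", []):  # e.g. Authorization: Bearer ...
            yield f"entry {i} request header {h['name']}", h.get("value", "")
        post = req.get("postData", {})
        yield f"entry {i} request body", post.get("text", "")
        for p in post.get("params", []):  # response_mode=form_post lands here
            yield f"entry {i} form field {p['name']}", p.get("value", "")
        for h in resp.get("headers", []):  # Location on a 302 back to the app
            yield f"entry {i} response header {h['name']}", h.get("value", "")
        yield f"entry {i} response body", resp.get("content", {}).get("text", "")


def find_tokens(har: dict) -> list:
    """Every distinct 'ey...' candidate in the capture, with where it was seen and what it is."""
    seen, found = set(), []
    for where, text in har_strings(har):
        for m in CANDIDATE_RE.finditer(text or ""):
            if m.group(0) not in seen:
                seen.add(m.group(0))
                found.append({"where": where, "value": m.group(0), "kind": classify(m.group(0))})
    return found


def decode_jwt(token: str, now=None) -> dict:
    """Decode header and claims WITHOUT signature verification and run the
    structural/time checks a relying party would reject on."""
    h, p, s = token.split(".")
    header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    problems = []
    if not s:
        problems.append("empty signature")
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg=none")
    if "exp" in claims and claims["exp"] <= now:
        problems.append("expired")
    if "nbf" in claims and claims["nbf"] > now:
        problems.append("not yet valid (clock skew between device and issuer?)")
    return {"header": header, "claims": claims, "problems": problems}


def verify_hs256(token: str, secret: bytes) -> bool:
    """HMAC-SHA256 check, used only for the constructed sample below (B2C uses RS256)."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return False  # never let the token's own header choose the algorithm
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(s))


# ---- constructed sample data, not a real capture or real credentials ----
SAMPLE_SECRET = b"example-shared-secret-not-real"
SAMPLE_NOW = 1_700_000_100  # fixed clock so the checks are reproducible


def make_hs256_token(header: dict, claims: dict, secret: bytes) -> str:
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    return f"{signing_input}.{b64url_encode(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())}"


SAMPLE_ID_TOKEN = make_hs256_token(
    {"typ": "JWT", "alg": "HS256", "kid": "example-key-1"},
    {"iss": "https://login.example.com/", "aud": "app-client-id", "sub": "user-123",
     "iat": SAMPLE_NOW - 100, "nbf": SAMPLE_NOW - 100, "exp": SAMPLE_NOW + 3500},
    SAMPLE_SECRET,
)
SAMPLE_STATE = "eyAbCdEfGhIjKlMnOp"  # opaque: starts with "ey" but has no segments

SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "headers": [],
                 "url": "https://login.example.com/authorize?client_id=app-client-id&state=" + SAMPLE_STATE},
     "response": {"status": 302, "content": {}, "headers": [
         {"name": "Location", "value": "https://app.example.com/cb?state=" + SAMPLE_STATE}]}},
    {"request": {"method": "POST", "url": "https://app.example.com/cb", "headers": [],
                 "postData": {"mimeType": "application/x-www-form-urlencoded", "params": [
                     {"name": "id_token", "value": SAMPLE_ID_TOKEN}, {"name": "state", "value": SAMPLE_STATE}]}},
     "response": {"status": 200, "headers": [], "content": {}}},
]}}

if __name__ == "__main__":
    for t in find_tokens(SAMPLE_HAR):
        print(f"{t['kind']:6} at {t['where']}: {t['value'][:40]}...")
        if t["kind"] == "jwt":
            print(json.dumps(decode_jwt(t["value"], now=SAMPLE_NOW), indent=2))
```

To use it on a real capture, replace `SAMPLE_HAR` with `json.load(open("capture.har"))`. Two caveats: a token delivered in the URL fragment (implicit flow with `response_mode=fragment`) is never sent to the server and may not be in the HAR at all, so a `form_post` or code-exchange capture is easier to inspect; and anything reported as `opaque` (such as the `state` value on the `cb?state=` redirect) is not the token the front end is trying to validate, so comparing a failing user's capture against a working one should start from the `jwt` entries and their `problems` list.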