Social Sign In When Using Azure AD B2C Returns Error "400 Bad Request" (Doc ID 2668840.1)

Last updated on FEBRUARY 18, 2021

Applies to:

Oracle Application Express (APEX) - Version 19.2 and later
Information in this document applies to any platform.

Symptoms

If you set up a Social Sign-In authentication scheme in an APEX 19.2 instance, then after login, when you are redirected to apex_authentication.callback, you receive the error:

400 Bad Request error when using Azure AD B2C.

The setup follows the document below on Social Sign-In support for Azure AD B2C:

https://docs.oracle.com/en/database/oracle/application-express/19.1/htmrn/index.html#HTMRN-GUID-32C4974D-FBCE-4B23-A72D-934E4248C78C

There is a new scenario in which this fails with the 400 Bad Request error.

When you configure the APEX authentication scheme with an Azure AD OpenID app, it works fine (as usual).

But when you test again with an application in Azure AD B2C, you see the Invalid URL error.

The only difference between "AD" and "AD B2C" is:

AD is compatible with the two-legged grant type "client credentials", so when you set up the Web Credentials it uses "grant_type=client_credentials&scope=email" (and it works fine).

AD B2C, however, is only compatible with the three-legged "authorization_code" grant type, so when you set up the Web Credentials it uses "grant_type=authorization_code&scope=email" (this does not work and gives the Invalid URL error).

So it seems that APEX is either ignoring the "grant_type=authorization_code" setting or is not compatible with authorization code grant types.

As per Bug 28147764, "SOCIAL SIGN-IN: SUPPORT NEWER VERSIONS OF AUTHENTICATION PROVIDER APIS".

You can see the following errors in the log file:

object line object
handle number name
0x139e1e208 1033 package body APEX_190200.WWV_FLOW_ERROR.INTERNAL_GET_ERROR
0x139e1e208 1101 package body APEX_190200.WWV_FLOW_ERROR.INTERNAL_ADD_ERROR
0x139e1e208 1493 package body APEX_190200.WWV_FLOW_ERROR.RAISE_INTERNAL_ERROR
0x477202ab0 836 package body APEX_190200.WWV_FLOW_WEB_SERVICES.BEGIN_REQUEST
0x477202ab0 1138 package body APEX_190200.WWV_FLOW_WEB_SERVICES.MAKE_REST_REQUEST_INT
0x477202ab0 1475 package body APEX_190200.WWV_FLOW_WEB_SERVICES.MAKE_REST_REQUEST
0x15fb89860 416 package body APEX_190200.WWV_FLOW_WEBSERVICES_API.MAKE_REST_REQUEST
0x2ca257c90 79 package body APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL.SEND_JSON_REQUEST
0x2ca257c90 545 package body APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL.AJAX
0xc5ea776b0 497 package body APEX_190200.WWV_FLOW_AUTHENTICATION_NATIVE.SOCIAL_AJAX
0xc5ea776b0 1365 package body APEX_1~"
apex_error_code: WWV_FLOW_DML.INVALID_URL
is_common_runtime_error: false
is_internal_error: true
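
A triage helper for checking whether your own APEX debug output matches this symptom, added here as an example and not part of the Oracle document or of APEX. The function names `triage` and `matches_this_symptom` are hypothetical, and the sample is a shortened copy of the log lines above.

```python
import re

# Call-stack frame: "<handle> <line> package body <SCHEMA>.<PACKAGE>.<PROC>"
FRAME = re.compile(r"^(0x[0-9a-f]+)\s+(\d+)\s+package body\s+(\w+)\.(\w+)\.(\w+)$")
# Diagnostic field: "apex_error_code: WWV_FLOW_DML.INVALID_URL"
FIELD = re.compile(r"^(\w+):\s*(\S+)$")

# Log lines copied from the excerpt above (shortened to the relevant frames).
SAMPLE = """\
0x139e1e208 1033 package body APEX_190200.WWV_FLOW_ERROR.INTERNAL_GET_ERROR
0x139e1e208 1493 package body APEX_190200.WWV_FLOW_ERROR.RAISE_INTERNAL_ERROR
0x477202ab0 836 package body APEX_190200.WWV_FLOW_WEB_SERVICES.BEGIN_REQUEST
0x477202ab0 1475 package body APEX_190200.WWV_FLOW_WEB_SERVICES.MAKE_REST_REQUEST
0x2ca257c90 79 package body APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL.SEND_JSON_REQUEST
0x2ca257c90 545 package body APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL.AJAX
0xc5ea776b0 1365 package body APEX_1~"
apex_error_code: WWV_FLOW_DML.INVALID_URL
is_internal_error: true
"""

def triage(log_text):
    """Summarise an APEX error excerpt: error code, raising frame, truncated lines."""
    frames, fields, truncated = [], {}, 0
    for line in log_text.splitlines():
        line = line.strip()
        if m := FRAME.match(line):
            frames.append((m.group(4), m.group(5), int(m.group(2))))
        elif m := FIELD.match(line):
            fields[m.group(1)] = m.group(2)
        elif line.startswith("0x"):
            truncated += 1  # frame cut off by the logger, e.g. 'APEX_1~"'
    # Frames inside WWV_FLOW_ERROR only report the error; the first frame
    # outside that package (the stack is most-recent-first) raised it.
    origin = next((f for f in frames if f[0] != "WWV_FLOW_ERROR"), None)
    return {
        "error_code": fields.get("apex_error_code"),
        "raised_in": f"{origin[0]}.{origin[1]}" if origin else None,
        "social_sign_in": any(p == "WWV_FLOW_AUTHENTICATION_SOCIAL" for p, _, _ in frames),
        "truncated_frames": truncated,
    }

def matches_this_symptom(log_text):
    """True when the excerpt shows INVALID_URL raised under social sign-in."""
    t = triage(log_text)
    return t["error_code"] == "WWV_FLOW_DML.INVALID_URL" and t["social_sign_in"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the excerpt in this document, the raising frame is `WWV_FLOW_WEB_SERVICES.BEGIN_REQUEST`, called from the social sign-in package.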

Changes

 

Cause
