I can use build all policies just fine, but when I try to Upload All Policies the command fails with No B2C policies found in <no value here>. I can upload individual policies as well.

My template policy documents exist within a policy_documents folder within my repo, and this structure is duplicated within the Environments directory. Placing my templates in to the repo root and re-building changes the Environment directory structure, and the error message becomes settings:tenant is neither a valid DNS name, nor a valid external domain. The tenant setting is indeed set correctly, so I'm not sure why this doesn't work correctly.

For now I can just upload individual policies for testing.

There are a couple issues lurking behind the scenes in this part of the code when you change the defaults in the appsettings.json file and expect the Policies to be built from "PoliciesFolder" into the "EnvironmentsFolder"

I believe the provided PoliciesFolder setting should be used to scan for policies. If it's null scan from the root only instead.

Later when creating the environmentsRootPath variable you join with the hardcoded value "Environments" instead of using the provided EnvironmentsFolder setting.

I've followed the instructions here, however, when I attempt to sign in to azure, I get the following error:

AADSTS500113: No reply address is registered for the application.

To be clear, I am doing the following after I have registered the graph API permitted application on Azure:

1. Run the vscode command palette with "B2C Upload Policy"
2. I get prompted to login, click login.
3. Enter code
4. Login with my credentials
5. See the error screen

Do I need setup a redirect link or something in the application auth settings:

Thanks

Hey team, my team is building some custom AD B2C policies and I'm looking to embed some XML metadata in my custom policy files. Production metadata is different than dev, so I'd like to be able to specify the metadata in the appsettings.json policy. However, adding the XML metadata in appsettings causes errors that leave the policy unable to be built. I've tried escaping double quotes in the metadata with single, double, and triple backslashes and removing line breaks, but none of this will resolve the errors. Any suggestions or assistance with how to accomplish this?

{
    "Environments": [
    {
      "Name": "Production",
      "Production": true,
      "Tenant": "my-tenant.onmicrosoft.com",
      "PolicySettings" : {
        "TenantId": "my-tenant GUID",
        "RelyingPartyPolicyName": "policyName",
        "AppInsightsKey": "myAppInsightsKey",
        "CertName": "myCertName",
        "DevPrefix": "",
        "RelyingPartyMetadata": "<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="myId" cacheDuration="PT1440M" entityID="myEntityId">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="0" Location="https://google.com" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" isDefault="true" />
      <md:AttributeConsumingService index="0">
         <md:ServiceName xml:lang="en">AttributeContract</md:ServiceName>
         <md:RequestedAttribute Name="EmployeeID" />
         <md:RequestedAttribute Name="displayName" />
      </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:ContactPerson contactType="administrative" />
</md:EntityDescriptor>"
      }
    ]
  }

I see that there are new Filename and PolicyFileName parameters, but there is very little explanation on how to use them. I looked at the source and I was wondering if this could be used to rename xml files on build For exemple, I would like to have some "versioned" files with a suffix in the name to be able to deploy them in my dev tenant without impacting other developpers and testers. I added a custom settings "VersionNumber": "1234" in my appsettings file and used it in my policies like :

<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" 
  TenantId="{Settings:Tenant}" 
  PolicyId="B2C_1A_TrustFrameworkBase{Settings:VersionNumber}" 
  PublicPolicyUri="http://{Settings:Tenant}/B2C_1A_TrustFrameworkBase{Settings:VersionNumber}" 
  TenantObjectId="{Settings:TenantObjectId}">

This produces the files with correct values, but with the same B2C_1A_xxxxx.xml filename in my Environment folder. I'd'like to know if it is possible to rename all the xml files generated in this environment? Like maybe use the PolicyId when generating the name? For exemple, since I modified it in my policy, the xml file should be B2C_1A_TrustFrameworkBase1234.xml

Hi,

I've configured in appsettings.json folderpath to be "EnvironmentsFolder": "release"

configured extension workspace settings with respective env name.

Execute the upload all policy and extension cannot locate the folder :-(

Looked up in code and looks to me hard-coded value and it expects the Environment folder name to be 'Environment'

I reverted my config to match the name and tried it worked.

Extension version: 1.3.2
I have a series of policy files, each of which contains either BuildingBlocks, ClaimsProviders, UserJourneys, or RelyingParty elements. When I use the extensions "Policy Build" command (Ctrl + Shift + 5 shortcut), the policies are not built and I see the following stack trace in the Dev Tools:

  ERR Cannot read property 'journeys' of undefined: TypeError: Cannot read property 'journeys' of undefined
    at Policy.hasPolicyId (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:114:29)
    at Policy.process (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:146:40)
    at Policy.process (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:135:23)
    at Function.RenumberPolicies (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:52:20)
    at c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\PolicyBuild.js:61:62
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

It looks like a recent PR ( #69 ) references this.journeys.has(...) in hasPolicyId which is causing this issue.

Should this read this.base.journeys.has(...) instead?

Rolling back to 1.3.1 allows me to build policies again.

Would it be possible to add the feature that allows a single VSCode folder to contain several policy files that only get uploaded to certain environments?

Example:
One source control folder with all policy files open in VSCode. Three environments. en-a, en-b, en-c
Some common policy files would be uploaded to all environments. But certain policy files would only be uploaded to en-a, or en-b, or en-c

I could successfully upload just one policy with this new method described here.

However at the end of this doc it's mentioned that it's possible to upload all policies at once. For this to happen we need to set the default environment name:

The default environment name in the extension's settings needs to be configured before using 'Upload all policies' command.

I'm using the extension v. 1.2.74 right now... I couldn't find the place to set the default environment name.

Can you explain where it is or the extension in Visual Studio code still needs to be updated?

Thanks.

I'm not getting any Trace info in VSCode - get error "Application Insights produced empty results"

I can see the Trace information is being logged in App Insights ... it just not getting to the VSCode panel

Failing on build-all task, however build current file works.

I installed this extension on my new machine and started to use modify my policies however Find all reference feature is not working. I am not sure if i am missing something or this is some type of bug.
Is there any open issue related to this?

• Issue Type: Bug
• Extension Name: aadb2c
• Extension Version: 1.3.0
• OS Version: Windows_NT x64 10.0.19043
• VS Code version: 1.55.2

⚠️ We have written the needed data into your clipboard. Please paste! ⚠️

I used to be able to open a policy xml file and the outline of the content would be available in "AZURE AD B2C POLICY EXPLORER". Somehow it stopped working suddenly. I tried to disable/enable and uninstall/reinstall it but couldn't get it back. What can I do now?

The policy build shows that the policies have successfully exported. But when looking into the policy root folder, no environments are created.

VS Code Version: 1.47.2
azureadb2ctools.aadb2c Version: v1.2.92

From the Extension log file:

[2020-07-23 17:09:15.203] [exthost] [error] [AzureADB2CTools.aadb2c] provider FAILED
[2020-07-23 17:09:15.203] [exthost] [error] Error: Illegal argument, contents must be defined
at new B (c:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\services\extensions\node\extensionHostProcess.js:440:527)
at new B (c:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\services\extensions\node\extensionHostProcess.js:429:431)
at c:\Users\ansary.rd.vscode\extensions\azureadb2ctools.aadb2c-1.2.92\out\HoverProvider.js:38:28
at processTicksAndRejections (internal/process/task_queues.js:85:5)

How to overcome this error when trying to upload the policy files to Azure?

Allow a special {Setting:Filename} token to be used within the B2C Build Policy command that will be replaced with the name of the file on disk.

Notes:

• Would truncate the file extension (.XML)
• Would truncate B2C_1[A]_ if a developer included that in the filename
• Would replace unsupported characters with underscore (_)
• Would ignore a Filename value in the appsettings.json

Examples:

Note - I am not 100% sold on the removal of B2C_1[A], because a developer can add or remove that in his/her Policy files where they will use.

Overall Value

In most cases, I am finding that I am creating a file that is the same as the Policy Name/ID. I could simplify my policy header if the {Setting:Filename} token could just match the name of the file in my repository.

Just as:

So you can easy have some differences in eg. dev, test and production environment. Just have to check some of the code before.....

I created a environment with Azure Pipeline, but I can't automate all steps in deploy (for example, I have two environments HML & PROD, but to deploy I have to build policies and push to master)

Summary:

Implemment Auto build on ctrl-s (save) in VSCode could be a solution

We like your B2C extension.
However, we realized it is not compatible with azure AD B2C China: tenant.partner.onmschina.cn

MSGraphTokenHelper.ts

PolicyUpload.ts

I have been using this extension and love it however day one for this feature never worked.
Find All reference or shift+aly+F12 does not work

Maybe I am doing something wrong, but when I try the policy build no policies are generated. The only thing that gets generated are the directories, but they are all empty.

Hello Team.

I hope you are doing wel. I am reaching out to inform you of a critical security matter. After cloning the repository, I have identified several vulnerabilities across multiple dependencies. These issues range in severity.

Key Vulnerabilities identified:

• Improper Input Validation [Critical Severity]
• Improper Input Validation [Critical Severity]: Introduced by [email protected] > @xmldom/[email protected], can be fixed by upgrade.

Upgrading these dependencies will not only resolve the current vulnerabilities but will also enhance the overall security posture of the project.

I have enabled the App Insight and getting the logs. I observed that there is difference in DateTime Showing in the B2C Trace and App InSight Explorer. Below are the screenshots.

B2C Trace App Insight

App InSight Explorer

Is this how the system has been design or there is any issue?

I'd like the be able to use the build policy functionality as part of a custom Azure Pipelines task that could build the policy during a build.

Would you accept a PR that refactors that module and exports it so it can be imported and used by other NPM libraries?

Extension version: 1.2.101
Description of bug:
Build is recursively populating the Environments folder until VS Code crashes.

It appears that this only happens if you build when there is a pre-existing Environments folder there.

I downgraded to 1.2.93 and things work normally again. Haven't tried all the versions in between.

Reproduction steps:

1. Create a new folder
2. Create TrustFrameworkBase.xml. I just copied from one of my projects, I don't believe the content matters (although I haven't experimented here)
3. Create a new appsettings.json w/ the following content:

{
    "Environments": [
        {
            "Name": "Sandbox",
            "Production": false,
            "Tenant": "yourtenant.onmicrosoft.com",
            "PolicySettings" : {
                "PolicySuffix": ""
            }
        },
        {
            "Name": "Testing",
            "Production": false,
            "Tenant": "yourtenant.onmicrosoft.com",
            "PolicySettings" : {
                "PolicySuffix": ""
            }
        }
    ]
}

4. Build
5. Build again
6. See that you now have a recursive tree

I'd like to be able to do this:

<!--Sample action required: replace with your endpoint location -->
<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>

When I run b2c build, {Settings:AzureAppServiceUrl} value is not replaced.

Where:

"AzureAppServiceUrl": "https://myapp.azurewebsites.net"

From the readme this should work out of the box but somehow it doesn't.

If I do:

<Item Key="METADATA">{Settings:Tenant}/.well-known/openid-configuration</Item>

it works... but if I do:

<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>

it doesn't replace with the value I set and keeps this as a result in the transformed file:

<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>

Attempting to use the VSCode Extension for B2C on a Mac does not load the B2C tools. Even-though the custom policy xml file is open.

Azure AD B2C

v1.2.93

VsCode Version

Version: 1.49.1
Commit: 58bb7b2331731bf72587010e943852e13e6fd3cf
Date: 2020-09-16T23:21:17.533Z (5 days ago)
Electron: 9.2.1
Chrome: 83.0.4103.122
Node.js: 12.14.1
V8: 8.3.110.13-electron.0
OS: Darwin x64 19.6.0

Mac Version

macOSCatalina - 10.15.6

Is there a way to register the application for the upload policy feature using the new App Registration experience? My tenant no longer allows the legacy experience.

Regularly getting a json parse error - Seems to be intermittent when it triggers but once it does it won't work on those particular logs.

Unexpected token c in JSON at position 114393 (number varies)

Is is possible to have a set of PolicySettings values that are common across all Environments. If the same setting is declare in a given environment section, it is overridden?

eg:

{
  "Defaults" : [{
       "PolicySettings" : {
           "Setting1" : "Foo",
           "Setting2" : "Bar",
           ... etc
       }
  ]},
  "Environments" : [{
      "Name" : "Test",
      "PolicySettings" : {
            "Setting1" : "Alpha",
            "Setting3" : "Beta",
            .... etc
      }
  }]
}

So "Setting1" and "Setting2" have a default of "Foo" and "Bar" respectively.

For the environment "Test",

• "Setting1" is "Alpha",
• "Setting2" is "Bar"
• "Setting3" is "Beta"

Application Insights
Policy: B2C_1A_SIGNIN
Correlation Id: 02fcd83d-553a-4743-b8cb-e3c73dc1cb87
App insights Id: dfbef799-bd62-11ed-a10a-002248291c02, dfbef795-bd62-11ed-a10a-002248291c02 (The report shows a combination of two Application Insight entities)
App insights timestamp: 2023-03-07 19:39:02
User journey is completed: Unknown (JSON parse exception)
Orchestration steps: , 3, 2, 2
Internal error
Failed to parse App Insights JSON data: Unexpected token o in JSON at position 0

Would be useful to support environment substitution in HTML templates for custom content definitions. If, for example, I was to create a sub-folder called templates in the same folder as the policy xml files and run the Policy Build tool for an environment it could apply the environment transformations to those files also to replace things like absolute references to resources in the storage account hosting to the content (e.g. images, styles etc. )

VSCode: 1.65.2
Azure AD B2C extension: v1.3.5
OS: Windows_NT x64 10

I have various custom policies files which override a particular orchestration step of the base user journey. Building multiple times the same files lead to different behaviors:

• Sometimes the Orchestration Steps are renumbered (which is wrong)
• Sometimes the Orchestration Steps renumbering is skipped (which is correct)

For example, this is a custom policy (B2C_1A_signin_aad_exlibris_JWT) file which overrides the SendClaims OrchestrationStep n.7

Building the policy, the orchestration step is renumbered:

Rebuilding the policy (without resetting the Order to 7), the orchestration step renumbering is skipped:

This inconsistent behavior may lead to errors while uploading policies, especially if you override the SendClaims OrchestrationSteps, because you'll end up having 2 SendClaims steps which is not allowed. In the worst case, when you're not overriding the SendClaims step, you could upload policies successfully but the logic will be completely broken at runtime.

I have some experimental custom policies that I want to manage within the same project but with separate implementations. To enable this, I'd like the extension's "Build policies" task to support folders other than the root folder so that it will work if I have the following file structure:

- Experiment1
  - TrustFrameworkBase.xml
  - TrustFrameworkExtensions.xml
  - appsettings.json
- Experiment2
  - TrustFrameworkBase.xml
  - appsettings.json

This also matches the AD B2C sample implementations repo https://github.com/azure-ad-b2c/samples/tree/master/policies

is it possible to setup multiple environments to be uploaded?

For example I want to upload to Dev Env A and Dev Env B at the same time?

I have noticed that the later versions > 1.2.106 do not put the logs in the correct order.

I have a custom policy with a SubJourney. With v1.2.106 it looks like this:

The SubJourney covers covers the steps 2,3,4 (9:22:08) and 9,10,11 (9:22:48) - As you can see step 9 is not in the right order but it is on it own entry so that is generally fine.

When I update to anything > 1.2.106 the order is a mess, here is the order for the same transaction on 1.3.

When the order is messed up it is impossible to trace though as the logs do not seem to contain all the data for each step.

Is this caused by having SubJourneys?

We have been using the App Insights integration to monitor user activity over B2C tenant, and we noticed policies being duplicated in the view, once stated with Capital letters once with lower letters. See attached screenshot. As the name of the policy in the logs is same we were wondering what might be the root cause of this.

When running the Build-CustomPolicies.ps1 script on MacOS, the file paths are getting merged incorrectly and I get errors like this:

Could not find a part of the path '/Users/xxxxx/Example/CustomPolicies/Environments/Development/Users/xxxxx/Example/CustomPolicies/TrustFrameworkExtensions.xml'

This might have to do with differences in how Get-ChildItem works on Windows vs Unix-like systems, but I found adding the flag to return only filenames fixes the issue:

$XmlPolicyFiles = Get-ChildItem -Path $FilePath -Filter *.xml

turns into

$XmlPolicyFiles = Get-ChildItem -Path $FilePath -Filter *.xml -Name

I can make a PR if that's helpful.

I've followed the steps in your article that linked to the instructions in configuring the VSCode to upload a custom policy doc, by configuring Graph API with B2C (https://github.com/azure-ad-b2c/vscode-extension/blob/master/src/help/policy-upload.md)

When i do a SHIFT + CTRL + U in VS code I get a login prompt, I copy the code into the web page, login and get the message "You have signed in to the Graph API application on your device. You may now close this window."

When do SHIFT + CTRL + U again I get the same login prompt in VS Code!?

When setting the Reply URL for the Graph Api in B2C I set it to https://[MyB2CTenant].b2clogin.com/oauth2/nativeclient

Is this a bug, what should happen from VSCode once I have logged in?

Using VSCode 1.45.1 on WIndows 10

The Runtime Status on the extension has two entries for this error. I'm not sure how to provide additional info as of right now so let me know if there's something I need to do on my end to help you resolve this. Thx