Jul 13, 2020 07:51 AM | rajeev16mca2k5
We want to use MSAL for authentication in our web application with a Web API, using Authorization Code Flow.
I was using Sample from GitHub (https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C).
But unfortunately it uses Implicit Code Flow by default.
Note: I disabled both Access Token and Id Token from Implicit Flow option for the application on the Azure Portal.
As I can see in the request URL for the Authorization Endpoint, the ResponseType was "code id_token". But we just want to use Authorization Code Flow everywhere, so it needs to be "code" only.
Then I found in this StackOverflow article (https://stackoverflow.com/questions/61554550/azure-ad-b2c-error-aadb2c90057-when-i-am-not-trying-to-use-the-implicit-flow) that someone faced the same problem. I commented out this line of code in the GitHub sample
and added the block of code from the update section of the StackOverflow article (https://stackoverflow.com/questions/61554550/azure-ad-b2c-error-aadb2c90057-when-i-am-not-trying-to-use-the-implicit-flow).
Then I get the following error:
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: IDX21336: Both 'id_token' and 'access_token' should be present in OpenIdConnectProtocolValidationContext.ProtocolMessage received from Token Endpoint. Cannot process the message.
To fix it, I added the "client id" scope to OpenIdConnectOptions according to this article (https://github.com/dotnet/aspnetcore/issues/23284#issuecomment-648775392).
Further, the AcquireTokenByAuthorizationCode method was throwing a long exception whose top line was:
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
I changed "Instance" in appsettings from https://company.b2clogin.com to https://company.b2clogin.com/tfp/.
Now I am getting an Id Token, but the AccessToken is returned as null by the AcquireTokenByAuthorizationCode method.
Am I still missing some configuration, or is it some bug in Microsoft.Identity.Web with Authorization Code Flow?
Is it fine to use AddAuthentication with options for AzureADB2C (MSAL), or should we be using the AddSignIn method only?
Jul 13, 2020 08:22 AM | rajeev16mca2k5
FYI, I have removed the ClientId scope from OpenIdConnectOptions and added a read scope for some API to OpenIdConnectOptions.
It fixed the AccessToken null issue. Now I am getting both AccessToken and IdToken.
Do my changes look fine?
Also, I am getting both IdToken and AccessToken added into the cache. Is that normal?
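The configuration both posts arrive at, written out as an added C# example (not the poster's code nor the GitHub sample's): response_type "code" only, an API read scope requested at sign-in, and the code redeemed through MSAL so both tokens end up in its cache. Tenant, user flow, client id/secret, API scope and redirect URI are assumed placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    // Assumed placeholder values; replace with your tenant, user flow, app and API.
    const string Instance = "https://company.b2clogin.com/tfp/"; // /tfp/ suffix as in the post
    const string Domain = "company.onmicrosoft.com";
    const string Policy = "B2C_1_signupsignin";
    const string ClientId = "<client-id>";
    const string ClientSecret = "<client-secret>";
    const string ApiReadScope = "https://company.onmicrosoft.com/api/read"; // hypothetical
    public void ConfigureServices(IServiceCollection services)
    {
        string authority = $"{Instance}{Domain}/{Policy}";
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.Authority = authority;
                options.ClientId = ClientId;
                // "code" only: no token in the front channel, so both implicit-grant boxes stay off.
                options.ResponseType = OpenIdConnectResponseType.Code;
                // Request the API scope at sign-in; with only openid, B2C returns no access_token
                // from the token endpoint and the handler rejects the response (IDX21336).
                options.Scope.Clear();
                options.Scope.Add("openid");
                options.Scope.Add("offline_access");
                options.Scope.Add(ApiReadScope);
                options.Events.OnAuthorizationCodeReceived = async context =>
                {
                    // Redeem the code with MSAL so the tokens land in MSAL's cache
                    // (a real app registers one IConfidentialClientApplication with a serialized cache).
                    var app = ConfidentialClientApplicationBuilder.Create(ClientId)
                        .WithB2CAuthority(authority)
                        .WithClientSecret(ClientSecret)
                        .WithRedirectUri(context.TokenEndpointRequest.RedirectUri)
                        .Build();
                    AuthenticationResult result = await app
                        .AcquireTokenByAuthorizationCode(new[] { ApiReadScope }, context.ProtocolMessage.Code)
                        .ExecuteAsync();
                    // Hand both tokens back: the handler skips its own redemption but still validates the id_token.
                    context.HandleCodeRedemption(result.AccessToken, result.IdToken);
                };
            });
    }
}
```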