Azure B2C doesn't work with Native Client applications

Question

I pulled down this example from GitHub:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-tutorials-desktop-app

It works with the original appsettings connecting to their authentication service, but when I change it to my Azure B2C application, I get a 401 error. I've tried every possible combination and gone over the instructions several times, but I still get the 401.

So then I tried connecting using PostMan and the instructions I found here:

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2

And, interestingly, that works just fine. So then I pulled apart the requests to find out what was different. Apparently the example application tries to connect to the Authority at:

https://login.microsoftonline.com/tfp/tenant/policy/oauth2/v2.0/authorize

But the Postman example tries to connect to the authority at:

https://tenant.b2clogin.com/tenant/oauth2/v2.0/authorize?p=B2C_1_Sign_In

So I took it one step further and copied the security token out of Postman and jammed it into my client application. It worked!

So naturally I thought the next step would be to take the authority that I used in PostMan and place it in the Desktop application. It failed. When I examined the PublicClientApplication, the authority had been truncated to just:

https://gammafourdevelopment.b2clogin.com/gammafourdevelopment.onmicrosoft.com/

Would someone please give me an idea how this API is supposed to work as none of the examples seem to be current (except the Postman example)?

Answer 1

This authority fixes the problem:

https://{domain}.b2clogin.com/tfp/{domain}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration"