Reputation: 283
I've been asked to integrate a new web app with our B2C implementation and the requirement is to support the Grant Flow with PKCE.
Does B2C/IEF support this? Any pointers as to steps required?
I'm hopeful as I've found this reference in the AD docs, which references code_challenge and code_challenge_method parameters in the request to the /authorize endpoint.
Thanks Mark
Upvotes: 4
Views: 2152
Reputation: 14634
According to this developer announcement and this documentation issue, it is supported, although it isn't enabled for the implicit flow AFAIK.
Upvotes: 3
Reputation: 871
It sounds like you are trying to create a web-based application that can only use Auth code with PKCE per the new OAuth guidelines. Please refer to the following post in regard to the new OAuth rules and Microsoft's Auth process: https://developer.microsoft.com/en-us/identity/blogs/our-thoughts-on-implicit-grant-with-microsoft-identity/
Microsoft's suggestion is to utilize the Microsoft Libraries to do authentication, that is using either ADAL/MSAL.
As it's a B2C application you will want to use MSAL. For more information on using MSAL please refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-b2c-overview
Upvotes: 1