Reputation: 788
I've followed the instructions in this documentation to get the access token, but instead all I'm getting is the ID token.
Am I doing anything wrong here?
Upvotes: 1
Views: 106
Reputation: 16498
The scope you set is probably incorrect.
You need to create two Azure AD applications: one for your client and one for your API.
Please refer to Add a web API application to your Azure Active Directory B2C tenant first. It represents your API.
You will need to configure scopes in this Azure AD app. Then you will get a scope like: https://{your B2C tenant name}.onmicrosoft.com/api/demo.read
Then you should grant permissions in your other Azure AD app, which represents your client. If you haven't created it, please refer to Register a web application in Azure Active Directory B2C.
Now you have all the configurations prepared.
Access this URL in a browser:
https://{B2C tenant}.b2clogin.com/tfp/{B2C tenant}.onmicrosoft.com/{B2C Policy name}/oauth2/v2.0/authorize?
client_id={client id of the client Azure AD app}
&nonce=12345
&redirect_uri={redirect uri of the client Azure AD app}
&scope=https://{B2C tenant}.onmicrosoft.com/api/demo.read
&response_type=code
Log in with your B2C account; you will get a code in the address bar.
Then send a request in Postman:
POST https://{B2C tenant}.b2clogin.com/{B2C tenant}.onmicrosoft.com/{B2C Policy name}/oauth2/v2.0/token
grant_type=authorization_code
&client_id={client id of the client Azure AD app}
&scope=https://{B2C tenant}.onmicrosoft.com/api/demo.read
&code={code from the previous step}
&redirect_uri={redirect uri of the client Azure AD app}
&client_secret={client secret of the client Azure AD app}
Please note you should keep the same value for the scope in the 2 requests above. Otherwise, the access token may be missing, based on my test.
Upvotes: 1
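The two requests from this answer, the scope-consistency check it recommends, and a quick way to tell an ID token from an access token, as an added Python example (not the answer author's code; the tenant, policy, client id, secret and redirect URI in CFG are placeholders you replace with your own):

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical settings; substitute your own tenant, policy and app values.
CFG = {
    "tenant": "contoso",                     # {B2C tenant}
    "policy": "B2C_1_signupsignin",          # {B2C Policy name}
    "client_id": "11111111-1111-1111-1111-111111111111",
    "client_secret": "placeholder-secret",   # never commit a real one
    "redirect_uri": "https://localhost/callback",
    "scope": "https://contoso.onmicrosoft.com/api/demo.read",
}

def authorize_url(cfg, nonce="12345"):
    """Step 1: the URL you open in the browser (the /tfp/ path form used above)."""
    base = (f"https://{cfg['tenant']}.b2clogin.com/tfp/{cfg['tenant']}.onmicrosoft.com/"
            f"{cfg['policy']}/oauth2/v2.0/authorize")
    params = {"client_id": cfg["client_id"], "nonce": nonce, "redirect_uri": cfg["redirect_uri"],
              "scope": cfg["scope"], "response_type": "code"}
    return base + "?" + urlencode(params)

def code_from_redirect(redirect_url):
    """Pull the authorization code out of the address-bar URL after login."""
    return parse_qs(urlparse(redirect_url).query)["code"][0]

def token_request(cfg, code, scope=None):
    """Step 2: endpoint and form body for the POST. Returns (url, body)."""
    url = (f"https://{cfg['tenant']}.b2clogin.com/{cfg['tenant']}.onmicrosoft.com/"
           f"{cfg['policy']}/oauth2/v2.0/token")
    body = {"grant_type": "authorization_code", "client_id": cfg["client_id"],
            "scope": scope or cfg["scope"], "code": code,
            "redirect_uri": cfg["redirect_uri"], "client_secret": cfg["client_secret"]}
    return url, body

def scopes_match(auth_url, token_body):
    """The answer's key point: the scope must be identical in both requests."""
    return parse_qs(urlparse(auth_url).query)["scope"][0] == token_body["scope"]

def jwt_payload(token):
    """Decode the middle JWT segment for inspection only; this does NOT verify the signature."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def is_access_token(token):
    """B2C access tokens carry an 'scp' claim for the granted scopes; ID tokens do not."""
    return "scp" in jwt_payload(token)

def unsigned_jwt(claims):
    """Constructed sample token with an empty signature, for local inspection tests only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}."
```

Run `scopes_match(authorize_url(CFG), token_request(CFG, code)[1])` before sending the POST; if it is False, the token response is likely to come back without an access token.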