Reputation: 19
Previously, we were using a registered app in Azure AD, but we want to switch over to Azure AD B2C now because it provides more identity provider options. The issue is that under "Expose an API" in my Azure AD app registration, there is a section "Authorized client applications" where you can specify the client id of a client application that you trust. However, in my B2C app registration, there is no "Authorized client applications" section under "Expose an API".
In Azure AD, I authorized the client application with ID d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office), and since I cannot do this the same way with Azure AD B2C, I am getting this error:
Any help on how I can solve this issue and authorize this client id in B2C would be appreciated, thank you.
I was expecting to find the option to authorize client applications in the same place, but perhaps it looks different in B2C.
Upvotes: 0
Views: 643
Reputation: 16139
Note that the "Authorized client applications" section under Expose an API is only available in Azure AD, not in Azure AD B2C, and this is by design.
You can access the ServerApp API using ClientApp in Azure AD B2C like below:
Create a ServerApp, expose an API and add a scope:
Create a ClientApp, add this scope and grant admin consent:
Now, authorize users to access the ServerApp API using the below endpoint:
https://rukkb2c.b2clogin.com/rukkb2c.onmicrosoft.com/B2C_1_testrukpolicy/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://rukkb2c.onmicrosoft.com/ClientID/access_as_user
&state=12345
I generated an access token using the below parameters via Postman:
https://rukkb2c.b2clogin.com/rukkb2c.onmicrosoft.com/B2C_1_testrukpolicy/oauth2/v2.0/token
client_id:ClientID
grant_type:authorization_code
scope:https://rukkb2c.onmicrosoft.com/ClientID/access_as_user
code:code
redirect_uri:https://jwt.ms
client_secret:ClientSecret
References:
Request an access token in Azure Active Directory B2C
Upvotes: 0
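The two requests from the answer above, assembled in Python as an added example that is not part of the original answer. It reuses the answer's tenant, policy and `ClientID`/`ClientSecret` placeholders; the function names are hypothetical, and the random `state` with its check on the redirect is an addition in place of the fixed `12345`.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Tenant, policy, scope and redirect URI are the answer's own sample values.
TENANT = "rukkb2c"
POLICY = "B2C_1_testrukpolicy"
BASE = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/{POLICY}/oauth2/v2.0"
SCOPE = f"https://{TENANT}.onmicrosoft.com/ClientID/access_as_user"
REDIRECT_URI = "https://jwt.ms"


def build_authorize_url(client_id, state=None):
    """Return (url, state); an unguessable state ties the redirect to this request."""
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": SCOPE, "state": state,
    })
    return f"{BASE}/authorize?{query}", state


def extract_code(redirect_url, expected_state):
    """Return the authorization code; reject error or mismatched-state redirects."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]


def build_token_request(client_id, client_secret, code):
    """Return (url, form_body) for the POST sent to the token endpoint."""
    body = urlencode({
        "client_id": client_id, "grant_type": "authorization_code",
        "scope": SCOPE, "code": code,
        "redirect_uri": REDIRECT_URI, "client_secret": client_secret,
    })
    return f"{BASE}/token", body
```

The form body goes in a POST with `Content-Type: application/x-www-form-urlencoded`, which is what Postman sends for the parameters listed in the answer.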