Open gcobr opened 5 years ago
Internally, Azure AD B2C makes a call to Azure AD in order to authenticate local accounts. This uses the ROPC flow, which does not require the client secret. Due to the way ROPC works in AAD, you need two applications to make it work.
In LocalAccounts/TrustFrameworkExtensions.xml we have:

Can someone explain why two applications are required to make these custom policies work? How does the IEF use each of them?
Besides, I don't see any secret or application key being passed to IEF in these files. How can IEF connect to AAD using Application Ids only?