Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License

[B2C] Decouple API access from sign up/sign in #29

Closed mmacy closed 1 year ago

mmacy commented 4 years ago

When using this code sample for Azure AD B2C, the developer might want to first get sign-up and sign-in working, but not yet have a web API available to test the API access portion of the sample.

However, in the current sample, if a developer updates just the CLIENT_ID in app_config.py (after renaming it from app_config_b2c.py, of course), several errors occur when navigating to the application and attempting to sign in, and the experience is busted.

It'd be wonderful to have these two operations decoupled so that no API access is attempted until the web app user selects an "Access API" link or button.


For example, the B2C tutorials are all split into two parts:

  1. User authentication
  2. API access

Developers complete the first tutorial and test the user authentication, then they move on to the second tutorial to hook up and test secure API access.

As a workaround in the B2C tutorial for Python, I've had to specify that the developer needs to empty the SCOPE array to get the sample functional:

[image]

rayluo commented 4 years ago

Good point!

Strictly speaking, the same conceptual separation could also be desirable in the non-B2C part of this sample, although we get away with it because its default values tend to work out of the box:

ENDPOINT = 'https://graph.microsoft.com/v1.0/users'  # This resource requires no admin consent
SCOPE = ["User.ReadBasic.All"]

But we do not have that luxury in the B2C world.

This is an enhancement request, and now labelled as so. Before the enhancement becomes available, a quick workaround is to change this non-workable placeholder to use an empty list, as @mmacy suggested. Do you want us to make that quick change now?
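The decoupling discussed in this issue, as an added illustration (not code from the sample or from either commenter): sign-in requests no API scopes at all, and the "Access API" step validates SCOPE and ENDPOINT first, reporting an unconfigured or still-placeholder API instead of letting it break sign-in. Config values are constructed.

```python
from dataclasses import dataclass, field
from typing import List

# Scopes MSAL adds to every sign-in request by itself; listing them in SCOPE is a mistake.
OIDC_SCOPES = {"openid", "profile", "offline_access"}


@dataclass
class AppConfig:
    """Mirrors the shape of app_config.py (constructed, not the sample's own class)."""
    client_id: str
    authority: str
    scope: List[str] = field(default_factory=list)  # API scopes; [] = no API wired up yet
    endpoint: str = ""                              # API URL; "" = no API wired up yet


def looks_like_placeholder(value: str) -> bool:
    """True for unedited template values such as '<tenant>' or '{api}'."""
    return any(ch in value for ch in "<>{}") or "your-" in value.lower()


def sign_in_scopes(cfg: AppConfig) -> List[str]:
    """Scopes for the sign-in redirect: never the API scopes, so sign-in cannot fail
    because of an API that does not exist yet (MSAL adds the OIDC scopes itself)."""
    return []


def api_access_plan(cfg: AppConfig) -> dict:
    """Decide what the 'Access API' link should do.

    Returns {'ready': bool, 'scopes': [...], 'reason': str}; configuration problems
    are reported here, at the point of API use, rather than surfacing at sign-in."""
    problems = []
    if not cfg.scope:
        problems.append("SCOPE is empty: no API configured")
    if not cfg.endpoint:
        problems.append("ENDPOINT is empty: no API configured")
    for s in cfg.scope:
        if s in OIDC_SCOPES:
            problems.append(f"{s!r} is added by MSAL automatically; remove it from SCOPE")
        elif looks_like_placeholder(s):
            problems.append(f"{s!r} is a template placeholder, not a real scope")
    if looks_like_placeholder(cfg.endpoint):
        problems.append(f"ENDPOINT {cfg.endpoint!r} is a template placeholder")
    if problems:
        return {"ready": False, "scopes": [], "reason": "; ".join(problems)}
    return {"ready": True, "scopes": list(cfg.scope), "reason": ""}
```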

mmacy commented 4 years ago

> a quick workaround is to change this non-workable placeholder to use an empty list, as @mmacy suggested. Do you want us to make that quick change now?

That'd be a good short-term fix, thanks @rayluo! :+1:

rayluo commented 1 year ago

Addressed by #31