Huachao / vscode-restclient

REST Client Extension for Visual Studio Code
https://marketplace.visualstudio.com/items?itemName=humao.rest-client
MIT License

AAD B2C authorization #310

Open AdamWorley opened 5 years ago

AdamWorley commented 5 years ago

Hey, this extension seems great, and it would be nice to be able to remove the need to have Postman, but I'm having an issue with using multi-tenant B2C domains.

Is there a way to provide a policy when using the $aadToken variable?

I've tried using the following url format (the one swagger works with): https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1A_SignUpOrSignInWithAAD/oauth2/v2.0/authorize

But it responds saying that https://contoso.b2clogin.com is not an application in the domain my user account is in.

Any help with this would be great!

Huachao commented 5 years ago

@AdamWorley sorry currently it's not supported

AdamWorley commented 5 years ago

@Huachao No worries, still a really helpful extension!

How easy would it be to implement oauth2 or use the MSAL package? If it's not too difficult I'd love to be able to help.

Huachao commented 5 years ago

Does your request work in Postman using the oauth2 flow?

AdamWorley commented 5 years ago

Hey @Huachao, to get the token from Postman it does use oauth2 and the implicit flow, and uses the "send client credentials in body" option.

It's also possible to get a token directly for the application, so no user details, but it would seem that token doesn't include a signature.

Huachao commented 5 years ago

@AdamWorley thanks for your quick response, and what's your grant type configured in postman which can work?

AdamWorley commented 5 years ago

Hey @Huachao, the grant type is Implicit

dandax commented 5 years ago

@Huachao @AdamWorley has anything further happened with this? I'm trying to get B2C to work as well but I think ADAL is the issue. I have been using Postman with similar settings as above but would prefer to move to the REST Client extension.

jazuntee commented 3 years ago

@Huachao I see you are using adal-node for v1 auth. Would you be able to use @azure/msal-node for $aadV2Token? This should allow for easy B2C compatibility. It should also handle refreshing the token when expired which does not appear to be working currently with V2.

Huachao commented 3 years ago

@darrelmiller does the $aadV2Token work with AAD B2C authorization?

jazuntee commented 3 years ago

@Huachao In looking at the code here for $aadV2Token, it would not work with B2C because it uses a different authority hostname. "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/token"

ADAL won't support it and has been deprecated anyway so ideally it could be replaced with the latest MSAL library.

SamLino commented 3 years ago

You can still log in to Azure B2C

POST https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1A_SignUpOrSignInWithAAD/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

username={{B2cUserName}}
&password={{B2cUserPassword}}
&grant_type=password
&scope=openid {{ScopeURL}}
&client_id={{ClientId}}
&response_type=token id_token

Reply is a token that can be used in 'Authorize' header for subsequent calls

If the password has special characters, it might need: { "rest-client.formParamEncodingStrategy": "always" }
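
The token request from the comment above, as an added example that is not part of the thread or of vscode-restclient: it builds the B2C token endpoint from a validated tenant and policy name, then compares what a form parser recovers from an unencoded body and from a percent-encoded one when the password contains `+` and `&`. The function names, validation patterns and all credential values are assumptions made for this example.

```javascript
// Added example; tenant, policy and credential values are constructed placeholders.

// Token endpoint in the /tfp/{tenant}.onmicrosoft.com/{policy}/ form used above.
function b2cTokenEndpoint(tenant, policy) {
  // Assumed naming rules for this example: reject anything that could change
  // the host or path of the authority URL.
  if (!/^[a-z0-9-]+$/i.test(tenant)) throw new Error("invalid tenant name");
  if (!/^B2C_1A?_[A-Za-z0-9_]+$/.test(policy)) throw new Error("invalid policy name");
  return `https://${tenant}.b2clogin.com/tfp/${tenant}.onmicrosoft.com/${policy}/oauth2/v2.0/token`;
}

// Values joined as typed, with no encoding applied.
function rawFormBody(params) {
  return Object.entries(params).map(([k, v]) => `${k}=${v}`).join("&");
}

// application/x-www-form-urlencoded serialization of every name and value.
function encodedFormBody(params) {
  return new URLSearchParams(params).toString();
}

// What a standards-following form parser recovers from a request body.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

const params = {
  username: "alice@contoso.example",                  // constructed
  password: "Pa+ss&word1",                            // constructed, has form metacharacters
  grant_type: "password",
  scope: "openid https://contoso.example/api/read",   // constructed
  client_id: "00000000-0000-0000-0000-000000000000",  // placeholder
  response_type: "token id_token",
};

const rawSeen = parseForm(rawFormBody(params));
const encodedSeen = parseForm(encodedFormBody(params));

console.log(b2cTokenEndpoint("contoso", "B2C_1A_SignUpOrSignInWithAAD"));
// Unencoded: "+" is read as a space and "&" ends the value early.
console.log("unencoded body, password received:", JSON.stringify(rawSeen.password));
// Encoded: the password round-trips unchanged.
console.log("encoded body, password received:  ", JSON.stringify(encodedSeen.password));
```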