thunderclient / thunder-client-support

Thunder Client is a lightweight Rest API Client Extension for VS Code.
https://www.thunderclient.com

OAuth 2 authentication is not working with Azure B2C #1574

Open BlairLeduc opened 1 month ago

BlairLeduc commented 1 month ago

Describe the bug

OAuth 2 authentication is not working with Azure B2C. The interaction appears successful; however, some claims are missing in the returned bearer token from Azure B2C. This works correctly using MSAL in the SPA app and with Postman.

To Reproduce

Grant Type: Authorization Code with PKCE
Code Verifier:
State:
Send Auth: As Auth Header
Token Name: id_token

The rest of the fields have appropriate values.

Azure B2C does generate a token for the Thunder Client request, but it is missing claims: "nonce", "scp", "app". Azure.Identity in my .NET backend fails with unable to verify Bearer.

One difference noticed: my SPA app using MSAL has a scope parameter in the token request whilst Thunder Client does not, though I do not know the OAuth 2 spec well enough to know if this comment is important.

Expected behavior

I am able to receive a valid token with my SPA app and with Postman (with the same configuration in Postman).

I expect Thunder Client to do the same.

Platform:

Are you using the free version/paid version/trial: Paid (starter)

BlairLeduc commented 1 month ago

More investigation reveals that I am getting an id_token, not an access_token, in the return from B2C.

rangav commented 1 month ago

Thanks, can you please verify the logs of Thunder Client and Postman and let me know what is different/missing?

https://docs.thunderclient.com/features/logs
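
One way to do the log comparison requested above without pasting secrets into a public issue, as an added example that is not part of the original thread or of Thunder Client: it diffs two form-encoded token request bodies and redacts the authorization code and PKCE verifier. The function names and both sample bodies are constructed for illustration; the missing `scope` mirrors the difference the reporter describes.

```python
from urllib.parse import parse_qsl

# Parameters whose values should never be pasted into a public issue.
SENSITIVE = {"code", "code_verifier", "client_secret", "refresh_token"}


def parse_body(body):
    """Parse an application/x-www-form-urlencoded token request body."""
    return dict(parse_qsl(body, keep_blank_values=True))


def redact(params):
    """Replace secret values with a marker so the request can be shared."""
    return {k: "<redacted>" if k in SENSITIVE else v for k, v in params.items()}


def diff_requests(working, failing):
    """Report parameters missing from, extra in, or changed in the failing request."""
    w, f = parse_body(working), parse_body(failing)
    # One-time secrets always differ between runs, so they are not compared.
    changed = sorted(k for k in w.keys() & f.keys()
                     if k not in SENSITIVE and w[k] != f[k])
    return {
        "missing": sorted(w.keys() - f.keys()),
        "extra": sorted(f.keys() - w.keys()),
        "changed": changed,
    }


# Constructed sample bodies (hypothetical values, not taken from the issue).
WORKING = ("grant_type=authorization_code"
           "&client_id=00000000-0000-0000-0000-000000000000"
           "&code=SAMPLE_CODE_A&code_verifier=SAMPLE_VERIFIER_A"
           "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
           "&scope=openid+https%3A%2F%2Fexample.invalid%2Fapi%2Fread")
FAILING = ("grant_type=authorization_code"
           "&client_id=00000000-0000-0000-0000-000000000000"
           "&code=SAMPLE_CODE_B&code_verifier=SAMPLE_VERIFIER_B"
           "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback")

if __name__ == "__main__":
    print(diff_requests(WORKING, FAILING))
    print(redact(parse_body(FAILING)))
```
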