Comments (6)

parakhj commented on July 17, 2024

Did you create a web api application, publish the same scopes, and update the app uri in the settings? (See step 4 in the Readme)

from active-directory-b2c-dotnetcore-webapp.

4deeptech commented on July 17, 2024

@Marren85 I get the same thing. result.AccessToken is null after the AcquireTokenByAuthorizationCodeAsync call. If I swap my appsettings back to the ones in the sample that call returns an access code. Did you find a solution or what was wrong with the B2C config?

parakhj commented on July 17, 2024

@4deeptech can you confirm that you did the following:

  1. Register your web api and define scopes for it
  2. In your web app's registration, indicate that you want to consume those scopes.
  3. Change your web app's OpenID Connect middleware:
    i. Response type of "id_token code"
    ii. Scope of "openid {your-web-api-scopes}"
  4. Finally, you'll use MSAL in the OnAuthorizationCodeReceived event to redeem the code for an access token.

See this article for more details: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-access-tokens

4deeptech commented on July 17, 2024

@parakhj Here's the setup. Have two app registrations. This web app (this repo) is one of them, then I have a Web API as the second one. I created published scopes for the Web API and in the Web app I added (in the API Access area of the portal) both the Web App and the Web API apps as permitted scopes. So I did item 1 and item 2 that you mention. As for Item 3, since my web app is the code from this repo, lines 43-58 in OpenIdConnectOptionsSetup.cs are already doing that. As for item 4, again, this repo has that wired up. Basically, if I merely swap out the app settings I get different behavior so the difference has to be in the B2C configuration. The OnAuthorizationCodeReceived callback occurs and it calls AcquireTokenByAuthorizationCodeAsync but the response only contains a new token id value with all the same claim info as the original token id passed in except that it contains a nonce value instead of "defaultNonce" so the call appears to be doing something. It just IS NOT returning a value for AccessToken. Just FYI, if I use the id_token JWT and pass that as the Bearer token (since the Access Token is null) to the web api, the web api validates it and gives me access and returns the sample response. I don't understand why passing the 'code' to AcquireTokenByAuthorizationCodeAsync does not return an AccessToken but does return a new id_token with the nonce value set.

4deeptech commented on July 17, 2024

@parakhj @Marren85 I figured out the issue after fiddling for quite a while. The solution was actually very simple. The API Scope you request is NOT the published scope name, it's the published scope VALUE. If the name is demo.read and the value is 'READ' then you request [APP ID URI]/READ and NOT [APP ID URI]/demo.read.

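An added example, not code from the sample repo or from any commenter: it builds the scope string from the published scope VALUE as described in the comment above, and fails closed when no usable access token comes back instead of sending the id_token as the Bearer token. It assumes the access token lists granted scope values in a space-separated `scp` claim; the App ID URI, scope value and both tokens are constructed for the demo, and the helper names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class ScopeCheck
{
    // Scope to request = [APP ID URI]/[published scope VALUE], never the scope name.
    public static string BuildScope(string appIdUri, string scopeValue) =>
        appIdUri.TrimEnd('/') + "/" + scopeValue;

    // Read the space-separated scp claim (assumed claim name) from a JWT payload.
    // Diagnostic only: the signature is NOT verified here.
    public static string[] GrantedScopes(string jwt)
    {
        var parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return Array.Empty<string>();
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore base64 padding
        try
        {
            using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
            return doc.RootElement.TryGetProperty("scp", out var scp) && scp.ValueKind == JsonValueKind.String
                ? scp.GetString().Split(' ', StringSplitOptions.RemoveEmptyEntries)
                : Array.Empty<string>();
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException)
        { return Array.Empty<string>(); }
    }

    // Fail closed: a null token, or one without the requested scope value, is rejected.
    public static bool CarriesScope(string token, string requestedScope) =>
        GrantedScopes(token).Contains(requestedScope.Substring(requestedScope.LastIndexOf('/') + 1));

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string FakeJwt(string payload) => B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";

    static void Main()
    {
        // Constructed values: App ID URI, scope value and both tokens are made up.
        string scope = BuildScope("https://contoso.example/demoapi", "READ");
        string idToken = FakeJwt("{\"aud\":\"web-app\",\"nonce\":\"n1\"}");
        string accessToken = FakeJwt("{\"aud\":\"web-api\",\"scp\":\"READ\"}");
        Console.WriteLine($"request scope: {scope}");
        Console.WriteLine($"null AccessToken usable: {CarriesScope(null, scope)}");
        Console.WriteLine($"id_token usable:         {CarriesScope(idToken, scope)}");
        Console.WriteLine($"access token usable:     {CarriesScope(accessToken, scope)}");
    }
}
```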

parakhj commented on July 17, 2024

@4deeptech sorry about that. We are working to improve the documentation/UI.
