Tags: openid-connect, azure-ad-b2c, access-token, pkce, angular-auth-oidc-client

B2C authentication not returning access_token


I am trying to implement Authorisation Code Flow with PKCE in an Angular project. I am using angular-auth-oidc-client. We already have an existing IdentityServer4-based in-house implementation that the client works well against, but we are now trying to migrate our authentication to Azure AD B2C rather than having it in-house.

I have configured an Azure AD B2C and my client app. Here's the configuration: [image: My app configuration]

Here's my configuration on the client OIDC service:

oidcConfigService.withConfig({
    stsServer: 'https://login.microsoftonline.com/mycompany.onmicrosoft.com/v2.0',
    authWellknownEndpoint:
        'https://mycompany.b2clogin.com/mycompany.onmicrosoft.com/B2C_1_SignUpSignIn/v2.0/.well-known/openid-configuration',
    redirectUrl: window.location.origin,
    postLogoutRedirectUri: window.location.origin,
    clientId: 'client-id-guid-goes-here',
    scope: 'openid profile offline_access',
    responseType: 'code',
    silentRenew: true,
    autoUserinfo: false,
    silentRenewUrl: window.location.origin + '/silent-renew.html',
    logLevel: LogLevel.Debug,
    renewTimeBeforeTokenExpiresInSeconds: 60
});

Problem: in the token response there is no access token: [image: No access_token]

Even though I've checked the access_token checkbox in the client configuration. What am I missing here?


Solution

  • The access token is not included because you are not requesting access to something.

    You need to pass some additional scope here:

    scope: 'openid profile offline_access',
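
Added example, not part of the original answer or of angular-auth-oidc-client: a small JavaScript check that splits the configured `scope` string into OpenID Connect scopes and resource scopes, then compares the result with the token response to show why `access_token` is absent. The function names, the API scope `https://mycompany.onmicrosoft.com/my-api/read` and the token values are constructed placeholders.

```javascript
// Standard OpenID Connect scopes: they drive id_token / refresh_token issuance
// and do not name a protected resource (API).
const OIDC_ONLY_SCOPES = new Set([
  'openid', 'profile', 'email', 'address', 'phone', 'offline_access',
]);

// Split a space-delimited scope string into OIDC scopes and resource scopes.
// Anything outside the OIDC set (an API scope URI, or the app's own client ID)
// is treated as a request for access to a resource.
function classifyScopes(scope) {
  const requested = scope.trim().split(/\s+/).filter(Boolean);
  return {
    oidc: requested.filter((s) => OIDC_ONLY_SCOPES.has(s)),
    resource: requested.filter((s) => !OIDC_ONLY_SCOPES.has(s)),
  };
}

// Compare what the client asked for with what the token endpoint returned.
function diagnoseTokenResponse(scope, tokenResponse) {
  const { oidc, resource } = classifyScopes(scope);
  const findings = [];
  if (!oidc.includes('openid')) {
    findings.push('"openid" scope missing: this is not an OIDC sign-in request');
  }
  if (resource.length === 0) {
    findings.push('no resource scope requested: no access_token will be issued');
  } else if (!tokenResponse.access_token) {
    findings.push('resource scope requested but access_token missing: ' +
      'check that the scope is exposed by the API and granted to this client');
  }
  return { resourceScopes: resource, expectAccessToken: resource.length > 0, findings };
}

// Constructed sample: the scope string from the question and a response
// shaped like the one described there (id_token present, no access_token).
const fromQuestion = diagnoseTokenResponse(
  'openid profile offline_access',
  { id_token: 'constructed.id.token', refresh_token: 'constructed-refresh' }
);
console.log(fromQuestion.findings);

// Constructed sample: same request with a placeholder API scope added.
const withApiScope = diagnoseTokenResponse(
  'openid profile offline_access https://mycompany.onmicrosoft.com/my-api/read',
  { id_token: 'constructed.id.token', access_token: 'constructed.access.token' }
);
console.log(withApiScope.findings);
```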