B2C authentication not returning access_token
I am trying to implement Authorisation Code Flow with PKCE an angular project. I am using angular-auth-oidc-client. We already have an existing IdentityServer4 based in-house implementation that the the client works well against, but we are now trying to migrate our authentication to Azure AD B2C rather than having it in-house.
I have configured a Azure AD B2C and my client app. Here's the configuration:
Here's my configuration on the client OIDC service:
oidcConfigService.withConfig({
stsServer: 'https://login.microsoftonline.com/mycompany.onmicrosoft.com/v2.0',
authWellknownEndpoint:
'https://mycompany.b2clogin.com/mycompany.onmicrosoft.com/B2C_1_SignUpSignIn/v2.0/.well-known/openid-configuration',
redirectUrl: window.location.origin,
postLogoutRedirectUri: window.location.origin,
clientId: 'client-id-guid-goes-here',
scope: 'openid profile offline_access',
responseType: 'code',
silentRenew: true,
autoUserinfo: false,
silentRenewUrl: window.location.origin + '/silent-renew.html',
logLevel: LogLevel.Debug,
renewTimeBeforeTokenExpiresInSeconds: 60
});
Problem: in the token response there is no access token:
Even though I've checked the accesss_token checkbox at client configuration. What am I missing here?
Solution
The access token is not included because you are not requesting access to something.
You need to pass some addtional scope here:
scope: 'openid profile offline_access',
- Verifying JWT signed with the RS256 algorithm using public key in C#
- Access user info from SecurityIdentity using quarkus-oidc
- How to map a user attribute to a standard OIDC claim in keycloak
- Sign In with LinkedIn using OpenID Connect with Firebase Auth or GCP Identity Platform
- Ping Federate Settings to configure authorization code grant flow using Postman
- Proper design for th Keycloak auth with APIs and UI
- Assume role in different account using an assumed role with web identity
- The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
- Invalid_client using OpenIdConnect in client application
- Custom Claims in a Multitenant Microsoft Entra App
- I/O error on GET request for "https://localhost/application/o/{name}/.well-known/openid-configuration": Connection refused
- Add Github Identity Provider to AWS Cognito
- unsupported_grant_type error for authorization_code grant type: Spring Security OAuth2
- OWIN middleware for OpenID Connect - Code flow ( Flow type - AuthorizationCode) documentation?
- Keycloak with AzureAD how to change the IDP user ID / IDP Links
- How to use the Spring OAuth2 client to retrieve an access token only?
- why offline_access scope is needed to request refresh token in IdentityServer (OAuth2)?
- Not getting authenticated user in middleware with OpenIdConnect in ASP.NET Core 8
- .NET Core OIDC challenge redirect not working with an Angular frontend
- Keycloak: User needs to login every day altough refresh token is set to 30 days
- OpenId Connect Identity Provider initiated backchannel logout not working
- ASP.NET Core 8 and Duende Identity Server Authentication Schemes (OpenIdConnect, Cookies, JWT)
- How should I use the id token returned to me by Google after a successful code exchange?
- Error: Not authorized to perform sts:AssumeRoleWithWebIdentity during OIDC when a PR get merged into main
- How does OpenIdConnectEvents get overrided?
- When to refresh the access token
- Spring authorization server RP-initiated logout not working
- Second login with remote IdP through Keycloak fails, "Invalid username or password"
- In Azure AD B2C who provides the ID token?
- How to use Firebase Authentication with Okta?