I am trying to implement Authorisation Code Flow with PKCE in an Angular project. I am using angular-auth-oidc-client. We already have an existing IdentityServer4-based in-house implementation that the client works well against, but we are now trying to migrate our authentication to Azure AD B2C rather than having it in-house.
I have configured an Azure AD B2C and my client app. Here's the configuration:
Here's my configuration on the client OIDC service:
oidcConfigService.withConfig({
  stsServer: 'https://login.microsoftonline.com/mycompany.onmicrosoft.com/v2.0',
  authWellknownEndpoint:
    'https://mycompany.b2clogin.com/mycompany.onmicrosoft.com/B2C_1_SignUpSignIn/v2.0/.well-known/openid-configuration',
  redirectUrl: window.location.origin,
  postLogoutRedirectUri: window.location.origin,
  clientId: 'client-id-guid-goes-here',
  scope: 'openid profile offline_access',
  responseType: 'code',
  silentRenew: true,
  autoUserinfo: false,
  silentRenewUrl: window.location.origin + '/silent-renew.html',
  logLevel: LogLevel.Debug,
  renewTimeBeforeTokenExpiresInSeconds: 60
});
Problem: in the token response there is no access token:
Even though I've checked the access_token checkbox in the client configuration. What am I missing here?
The access token is not included because you are not requesting access to something.
You need to pass some additional scope here:
scope: 'openid profile offline_access',
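The point made in the answer, as an added example that is not part of the original post or of angular-auth-oidc-client: a small diagnostic that splits a `scope` string into OpenID Connect scopes and resource (API) scopes and compares that with the tokens present in a token response. The function names, the API scope URI `https://mycompany.onmicrosoft.com/my-api/read` and the sample token responses are hypothetical values constructed for illustration.

```javascript
// Scopes defined by OpenID Connect itself. They describe the user or ask for a
// refresh token, but name no API for an access token to be issued for.
const OIDC_ONLY_SCOPES = new Set([
  'openid', 'profile', 'email', 'address', 'phone', 'offline_access',
]);

// Split a space-delimited scope string into OIDC scopes and resource scopes.
function classifyScopes(scope) {
  const requested = scope.split(/\s+/).filter(Boolean);
  return {
    oidc: requested.filter((s) => OIDC_ONLY_SCOPES.has(s)),
    resource: requested.filter((s) => !OIDC_ONLY_SCOPES.has(s)),
  };
}

// Compare what was requested with what the token endpoint returned.
function diagnoseTokenResponse(scope, tokenResponse) {
  const { oidc, resource } = classifyScopes(scope);
  const hasAccessToken =
    typeof tokenResponse.access_token === 'string' &&
    tokenResponse.access_token.length > 0;
  const findings = [];
  if (!hasAccessToken && resource.length === 0) {
    findings.push('no resource scope requested, so no access_token was issued');
  }
  if (!hasAccessToken && resource.length > 0) {
    findings.push('resource scope requested but no access_token returned: ' +
      'confirm the scope is exposed by the API and granted to this client');
  }
  if (oidc.includes('openid') && !tokenResponse.id_token) {
    findings.push('openid requested but id_token missing');
  }
  if (oidc.includes('offline_access') && !tokenResponse.refresh_token) {
    findings.push('offline_access requested but refresh_token missing');
  }
  return { resourceScopes: resource, hasAccessToken, findings };
}

// Constructed token responses (placeholder values, not real tokens).
const fromQuestion = diagnoseTokenResponse(
  'openid profile offline_access', // scope string from the question
  { token_type: 'Bearer', id_token: '<id-token>', refresh_token: '<refresh-token>' });
const withApiScope = diagnoseTokenResponse(
  'openid profile offline_access https://mycompany.onmicrosoft.com/my-api/read', // hypothetical API scope
  { token_type: 'Bearer', id_token: '<id-token>', refresh_token: '<refresh-token>',
    access_token: '<access-token>' });
console.log(fromQuestion.findings, withApiScope.findings);
```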