I'm trying to set up a page with an Azure AD B2C Sign-Up and Sign-In User Flow, which will then automatically log in to Azure AD as part of the flow. Specifically, I'm trying to create a User Flow that will allow the user to sign in to Azure AD B2C, and automatically have them sign in to Power Apps as a consequence. I'm using the following document as a guide:
I've confirmed the pre-requisite part is working. On my Sign up and Sign In page, I'm able to create an account, and I'm able to log in with the account. However, when I log in, I am not being automatically logged in to the Azure AD account as I would expect.
I have a whole bunch of screenshots I've taken with obfuscated data, if they would help, but I think the piece of the puzzle that likely explains the problem is this one:
This seems pretty similar to how it is configured over on the other side of the equation:
However, there seems to be a key difference between the two. In the former case, I get a URL of the following format:
https://[B2CDOMAIN].b2clogin.com/[B2CDOMAIN].onmicrosoft.com/oauth2/v2.0/authorize?p=[B2CUserFlow]&[MORE QUERY STRING STUFF]
In the latter, my URL looks like this:
https://[B2CDOMAIN].b2clogin.com/[A GUID]/[B2CUserFlow]/oauth2/v2.0/authorize?[MUCH MORE QUERY STRING STUFF BUT NO p= ONE].
I don't know if this gives any indications, or if it's just a red herring. At the moment, I'm not getting any errors or anything - I'm simply not being signed in on the Azure AD side.
The default behaviour for this is that you have to select the AAD button to kick off the federation.
If you want to login automatically (no button click) you have to use custom policies.
So you login to your local account and then the policy takes you to AAD where you should be logged in as long as the custom policy is set up for SSO.
I've never done this for OIDC but I have for SAML and it works there.