Is it possible to use ROPC to update profile if sign-in was done using Authorization Code with MFA?
We're in the process of migrating our authentication process from ROPC to Authorization Code with MFA. We currently use ROPC for Sign Up, Sign In, Reset Password, Forgot Password, and Profile Edit. Due to the MFA requirement, we need to move the Sign Up, Sign In, Reset Password, and Forgot Password flows over to the Authorization Code flow.
Does anyone know if it will be possible to continue using ROPC for the Profile Edit part? Or will it be blocked because of the MFA requirement?
I agree with @rbrayb, it will be blocked if your Profile Edit user flow has MFA enabled.
You need to use interactive flows like authorization code flow if MFA is enabled for either user flows or users.
To get authorization code, make use of below authorization request:
https://b2ctenant.b2clogin.com/b2ctenant.onmicrosoft.com/B2C_1_ProfileEdit/oauth2/v2.0/authorize?
&client_id=appID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://b2ctenant.onmicrosoft.com/xxxxxx/access_as_user
&state=12345
When I ran above request in browser, it asked for MFA like this:
After completing MFA, it asked to update User Details like below:
Later, it redirected me with authorization code value in address bar like this:
I generated access token using authorization code flow via Postman with below parameters:
POST https://b2ctenant.b2clogin.com/b2ctenant.onmicrosoft.com/B2C_1_ProfileEdit/oauth2/v2.0/token
grant_type:authorization_code
client_id:appID
client_secret:secret
scope: https://b2ctenant.onmicrosoft.com/xxxx/access_as_user openid
code:<code_from_above_Step>
redirect_uri: https://jwt.ms
Response:
When I decoded the token by pasting it in jwt.ms, it has claims like below:
In your case, you cannot use ROPC flow if Profile Edit user flow has MFA enabled. Instead, you have to use interactive flow like authorization code flow for Profile Edit part too.
- Trigger azure function on user registration in b2c
- Confused on how to get access tokens from B2C in Blazor App
- Using different layout for unauthenticated users in Blazor WASM
- Add claims into token Azure B2C
- I am getting an error that OAuth2 Code has already been redeemed
- Azure B2C modify SAML AccessTokenLifetime
- Cannot create Azure B2C Tenant
- My Azure AD B2C User Flow is not returning a token on jwt.ms
- Azure B2C user flow without an email
- Azure B2C Custom Policy - REST Call with Bearer Token from OIDC Step
- how to limit code verification email Spaming in Azure B2C
- Local user accounts not created properly in Azure AD B2C
- How do add device management to TOTP custom B2C policy?
- Server error occured while using B2C on Azure API Management Develop portal
- Changing Default Email Address in Azure AD B2C User Flows Without Custom Policies
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- AADB2C90068: The provided application with ID is not valid against this service. Please use an application created via the B2C portal and try again
- Azure B2c error 'Unable to validate the information provided.' when using custom attributes
- Azure B2C multi-tenant Microsoft Entra ID doesn't allow sign in as another Microsoft account
- In Azure AD B2C who provides the ID token?
- Azure: Use App Gateway for Custom B2C Domain instead of Front Door
- How to add UAE Pass as identity provider to Azure AD B2C
- Configuration in Azure AD B2C for Custom Policies
- Azure B2C - Password Rules Not Reflecting (Signup + Password Reset)
- Need help getting Azure AD B2C SSO with Azure AD
- Azure B2C - confusing expiring fields in refresh token
- Azure Static Web App - Only Allow Authenticated Users (Entra, B2C)
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- How do I programmatically clear or update a phone number for Azure AD B2C MFA?
- B2C - How to override sign up now link (custom policy)