We have integrated a sample Xamarin app with AAD B2C by following the guidelines provided in https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
We are not invoking the CallAPI method now. As a response after authentication, we are just receiving the id_token and not the access_token.
Do I have to mandatorily invoke the API for getting the access token generated? We are not using a client_secret.
Does the response post authentication not include both the id_token and the access_token?
This is the call that is used to sign the user in interactively (source):
    private async Task<UserContext> SignInInteractively()
    {
        IEnumerable<IAccount> accounts = await _pca.GetAccountsAsync();
        AuthenticationResult authResult = await _pca.AcquireTokenInteractive(B2CConstants.Scopes)
            .WithAccount(GetAccountByPolicy(accounts, B2CConstants.PolicySignUpSignIn))
            .ExecuteAsync();
        var newContext = UpdateUserInfo(authResult);
        return newContext;
    }
If valid scopes are present, configured as described here (reproduced below for permanence), then you will get both the id_token and the access_token. If you do not provide a proper scope, then the only scope will be openid, and only an id_token is returned, since there is no resource to obtain an access token for.
[OPTIONAL] Step 4: Create your own Web API
This sample calls an API at https://fabrikamb2chello.azurewebsites.net which has the same code as the sample Node.js Web API with Azure AD B2C. You'll need your own API or at the very least, you'll need to register a Web API with Azure AD B2C so that you can define the scopes that your single page application will request access tokens for.
Your web API registration should include the following information:
- Enable the Web App/Web API setting for your application.
- Set the Reply URL to the appropriate value indicated in the sample or provide any URL if you're only doing the web API registration, for example https://myapi.
- Make sure you also provide an AppID URI, for example demoapi; this is used to construct the scopes that are configured in your single page application's code.
- Once your app is created, open the app's Published Scopes blade and create a scope named read.
- Copy the AppID URI and Published Scopes values, so you can input them in your application's code.
[OPTIONAL] Step 5: Create your own Native app
Now you need to register your native app in your B2C tenant, so that it has its own Application ID. Don't forget to grant your application API Access to the web API you registered in the previous step.
Your native application registration should include the following information:
- Enable the Native Client setting for your application.
- Once your app is created, open the app's Properties blade and set the Custom Redirect URI for your app to msal<Application Id>://auth.
- Once your app is created, open the app's API access blade and Add the API you created in the previous step.
- Copy the Application ID generated for your application, so you can use it in the next step.
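To make the scope point concrete, here is an added example (not code from the Azure sample or from the answer above) showing how the AppID URI and published scope from Step 4 turn into the scope string MSAL.NET requests, and how to check whether the returned AuthenticationResult actually carries an access token. The tenant name, policy name, client ID and the demoapi/read scope are placeholders you would replace with your own registration values; the helper name B2CTokenCheck is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper illustrating the scope/token relationship described in the answer.
static class B2CTokenCheck
{
    // Placeholders: substitute the values from your own B2C tenant and app registrations.
    const string Tenant = "yourtenant";
    const string ClientId = "<native-app-application-id>";   // from Step 5
    const string PolicySignUpSignIn = "B2C_1_signupsignin";  // your sign-up/sign-in policy

    static readonly string Authority =
        $"https://{Tenant}.b2clogin.com/tfp/{Tenant}.onmicrosoft.com/{PolicySignUpSignIn}";

    // Scope built from the AppID URI ("demoapi") and the published scope ("read") of Step 4.
    // Requesting only openid (or nothing) yields an id_token and no access_token.
    public static readonly string[] ApiScopes =
        { $"https://{Tenant}.onmicrosoft.com/demoapi/read" };

    public static async Task<string> SignInAndGetAccessTokenAsync(string[] scopes)
    {
        IPublicClientApplication pca = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithB2CAuthority(Authority)
            .WithRedirectUri($"msal{ClientId}://auth")  // must match the Custom Redirect URI of Step 5
            .Build();

        IEnumerable<IAccount> accounts = await pca.GetAccountsAsync();
        IAccount account = accounts.FirstOrDefault();

        AuthenticationResult result;
        if (account == null)
        {
            // No cached account yet: sign in interactively.
            result = await pca.AcquireTokenInteractive(scopes).ExecuteAsync();
        }
        else
        {
            try
            {
                // Prefer the cache; fall back to the interactive flow when MSAL says UI is required.
                result = await pca.AcquireTokenSilent(scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                result = await pca.AcquireTokenInteractive(scopes).WithAccount(account).ExecuteAsync();
            }
        }

        // Diagnostics: which tokens and scopes actually came back.
        Console.WriteLine($"id_token present:     {!string.IsNullOrEmpty(result.IdToken)}");
        Console.WriteLine($"access_token present: {!string.IsNullOrEmpty(result.AccessToken)}");
        Console.WriteLine($"granted scopes:       {string.Join(" ", result.Scopes)}");

        if (string.IsNullOrEmpty(result.AccessToken))
        {
            throw new InvalidOperationException(
                "No access token returned: verify that an API scope (AppID URI + published scope) " +
                "was requested and that the native app was granted API Access to that web API.");
        }

        return result.AccessToken;
    }
}
```

Call it with B2CTokenCheck.ApiScopes and the result is an access token you can send to the API in an Authorization: Bearer header; call it with an empty scope array (or only openid) and the check at the end fires, which is exactly the situation described in the question. The API side should still validate the token's audience and the scp claim rather than trusting any bearer token it receives.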