Here is my aim: I would like to get an access token to call web api from my Spa application.
I created 2 Azure B2C applications; one for the web API and the other for the SPA application (client).
I added scopes (api.read) by exposing the API in the web API application. I granted permission to these scopes from the SPA application.
I created one user flow with a Sign up and sign in policy.
To generate the token, I used the PKCE flow by getting an auth code.
POST https://tenant.b2clogin.com/tenant.onmicrosoft.com/policy/oauth2/v2.0/token
grant_type: authorization_code
client_id: api_appid
scope: https://tenant.onmicrosoft.com/web_api/api.read
redirect_uri: https://localhost:435
code:
code_verifier:
The thing is I get the token, but while calling the web API it gives an error like:
Either scp or roles claim need to be present in the token
What could be the problem?
I tried to reproduce the same in my environment and got below results:
I registered one Azure AD B2C application for Web API and added scopes as below:
Now I created one SPA registration and added API permissions by granting consent like this:
I created a Sign up and sign in policy and ran the user flow as below:
When I signed in as a user it gave me the auth code in the address bar like below:
I generated the access token via Postman with parameters like this:
POST https://tenant.b2clogin.com/tenant.onmicrosoft.com/policy/oauth2/v2.0/token
grant_type: authorization_code
client_id: SPA_appid
scope: https://tenant.onmicrosoft.com/web_api/api.read
redirect_uri: redirect_uri
code: code
code_verifier: code_verifier
When I decoded the token, I got the scp claim successfully like below:
Make sure to select Application as SPA App and resource as Web_api while running the user flow to get the auth code.
While generating the access token, you should give SPA_AppId in the client_id parameter.
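As an added example (not the answerer's code), the script below builds the PKCE code-exchange request with the SPA app id as client_id and then inspects a returned token for the scp or roles claim that the API demands. The tenant, policy name and SPA app id are placeholders, and the sample tokens are constructed unsigned JWTs for offline use only.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholder values; replace with your own tenant, user flow and SPA app id.
TENANT = "tenant"
POLICY = "B2C_1_signupsignin"                          # assumed user-flow name
SPA_APP_ID = "00000000-0000-0000-0000-0000000000aa"    # placeholder SPA app id
API_SCOPE = "https://tenant.onmicrosoft.com/web_api/api.read"


def build_token_request(client_id, code, code_verifier, redirect_uri="https://localhost:435"):
    """Return (url, form body) for the auth-code + PKCE exchange at the B2C token endpoint.

    client_id must be the SPA (client) app id; using the Web API app id yields
    a token the API rejects because it carries no scp claim."""
    url = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/{POLICY}/oauth2/v2.0/token"
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "scope": API_SCOPE,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    }
    return url, urlencode(body)


def _b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (troubleshooting only;
    the API must still validate the signature, issuer and audience)."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def has_scp_or_roles(token):
    """Mirror the API-side check behind 'Either scp or roles claim need to be present'."""
    claims = jwt_claims(token)
    return bool(claims.get("scp")) or bool(claims.get("roles"))


def make_unsigned_jwt(claims):
    """Build a constructed alg=none JWT so the check can be exercised offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    good = make_unsigned_jwt({"aud": "api_appid", "scp": "api.read"})
    bad = make_unsigned_jwt({"aud": "api_appid"})     # token minted with the wrong client_id
    print(has_scp_or_roles(good), has_scp_or_roles(bad))   # True False
```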