Does Azure AD B2C login page send the credentials in clear text?

Does Azure AD B2C login page send the credentials in clear text over the network or does it encrypt the credentials for instance with a public key before sending them over the network?

The idea is to understand if there is a way to prevent clear text credentials over the network. In case of something leaks, it is not the real password.

The follow up question is, what about OpenID Connect and SAML do they support a feature that would help avoid clear text passwords from travelling over the network?

Solution

No, the password is set in the clear.

It's encrypted at the transport layer (https). It won't allow connections over http.

Both SAML and OIDC allow encrypted tokens to be returned to the app.

Need help getting Azure AD B2C SSO with Azure AD
KeyCloak Integration with Azure B2C UserName Mapping Issue
How do I programmatically clear or update a phone number for Azure AD B2C MFA?
B2C - How to override sign up now link (custom policy)
Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
B2C Sign-up screen shows {OIDC:LoginHint} instead of the login
During signIn receiving B2C error code ‘AADB2C99059’
Azure B2C / WPF - Handling a failed MFA verification flow
Assign B2C User to ExternalAzureAD identity
AADB2C90304: User journey went into a bad state. Claims exchange with id 'LocalAccountSigninEmailExchange' could not be found in orchestration step
"AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
Sign in to Azure B2C with an OpenID account (Microsoft Work email) but prevent user from signing up
Azure b2c still authenticated after hitting logout
Can Azure AD B2C send extension attributes without the extension prefix on a SAML token in a SAML IdP-initiated SSO flow?
Azure B2C Signup page
Azure B2C integration not working on app built using pwabuilder for iOS
Azure AD B2C problem with Self-Service password reset
use of b2clogin.com when acquiring token with Client Credential Grant Flow
Azure B2C does not receive script information written in HTML files uploaded to storage
Azure B2C: Edit Profile via a single page
Azure b2c cutom policy signin validation profile
Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
Azure Active Directory B2C: How to query MS Graph to get a user's alternative security ID?
Did B2C user creation defaults change regarding password reset?
Refresh Tokens and MicrosoftIdentityWebApp
ADB2C Social Log in - what is the difference between alternateSecurityId and userIdentity?
To allow external client application users to access B2C Integrated client website
Correlation failed in asp.net core
Custom attribute as stringCollection on Azure AD B2C
How to get detailed exception in Azure B2C Custom policy by Correlation ID?