Tags: angular, keycloak, azure-ad-b2c, single-page-application, oidc-client

Integrating Keycloak with Azure B2C as identity provider and using authorization code flow


I am trying to integrate Keycloak with Azure B2C using authorization code flow. I have a Keycloak instance deployed as an Azure App Service, an Azure B2C tenant and a demo SPA app that I am trying to authenticate with Azure B2C through Keycloak. First I started by trying to authenticate the SPA directly with Azure B2C, and after direct authentication worked I tried to put Keycloak in the middle. And here is where I got stuck.

In Azure B2C I have Keycloak registered as an application, with the redirect URL specified as the SPA, to authenticate using authorization code flow (screenshot: Keycloak app registration). In Keycloak I registered Azure B2C as an identity provider (screenshots of the Keycloak identity provider settings).

And finally my SPA config looks like this (I use oidc-client):

```javascript
import { UserManager } from 'oidc-client';

// The Keycloak realm is the authority; the SPA is a public client using the code flow
const settings = {
  authority: environment.keycloakB2CConfig.url + '/realms/' + environment.keycloakB2CConfig.realm,
  client_id: environment.keycloakB2CConfig.clientId,
  redirect_uri: 'http://localhost:4200/auth-callback',
  post_logout_redirect_uri: 'http://localhost:4200',
  response_type: 'code',
  scope: 'https://myorgname.onmicrosoft.com/all/allApi openid profile offline_access',
  filterProtocolClaims: true,
  loadUserInfo: false
};

const userManager = new UserManager(settings);
```

After all those manipulations I get an error in Azure B2C: "Public clients should not send a client_secret when redeeming a publicly acquired grant."

It looks to me that Azure B2C treats Keycloak as a public client because it is registered as an SPA, and because of that it is not happy with it sending a client secret to authenticate. On the other hand, I don't get how I can register Keycloak with Azure B2C to support authorization code flow other than as an SPA. I also can't find any option in Keycloak to register an identity provider without sending a client secret. Documentation and tutorials are very limited, so if anyone was able to successfully integrate those two in any way possible (even if only through implicit flow), please help.


Solution

  • You are on the right track and the flow will work like this:

    A). The client (SPA) runs a code flow as a public client against the authorization server (AS) which is Keycloak in your case

    B). The AS runs a second code flow as a confidential client to the identity provider (IDP), which is Azure B2C in your case

    Registration will work like this:

    1). Register an SPA public client in the AS, without a client secret

    2). Register the AS as a confidential client in the IDP. This will generate a client ID and secret.

    3). Register an OpenID Connect IDP in the AS using the same client ID and secret.

    So it feels like the main changes you need to make are in steps 2 and 3 above. In step 2, choose the Web platform for the client in Azure B2C, not the SPA type.