Tags: azure, azure-active-directory, postman, azure-ad-b2c, access-token

Request an access token in Azure Active Directory B2C Error


I am trying to exchange a code for an access token from Azure B2C to identify the user's oid right after they sign up or sign in, but each time I make the request, I encounter the following error message:

Status 404 Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

The guide I followed is from Microsoft's page: https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
Host: <tenant-name>.b2clogin.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=<application-ID>
&scope=<application-ID-URI>/<scope-name>
&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
&redirect_uri=https://jwt.ms
&client_secret=2hMG2-_:y12n10vwH...

Here is what I have in place of Microsoft's example:

URL: dev.mycompanyname.net.b2clogin.com/devb2c.dev.mycompanyname.net.onmicrosoft.com/B2C_1_Sign/oauth2/v2.0/token

dev.mycompanyname.net is retrieved from either (Microsoft Entra ID -> Overview -> Primary domain) or (Azure AD B2C -> Overview -> Domain Name). Both gave me 'dev.mycompanyname.net'.

B2C_1_Sign is retrieved from (Azure AD B2C --> Policies --> User Flows --> Name -->  'A policy I used to sign in, the exact name')

grant_type=authorization_code

client_id=I got this value from (App Registration --> My App --> Overview --> Application (client) ID)

code=(The exact code after ?code=, when the sign-up or sign-in process finishes and my callback, or redirect, gets called)

redirect_uri=(App Registration --> My App --> Managed --> Authentication --> Redirect URIs)

client_secret=I got this from (App Registration --> My App --> Managed --> Certificates & Secrets --> Value)

I removed scope as I didn't have any scope added.

Here is the screenshot of Postman with the values:


Here is what I have as the Headers:

Content-Type: application/x-www-form-urlencoded
Host: dev.mycompanyname.net.b2clogin.com


I am using tenant name with what I see as the domain name:


I have my redirect Url added and matching.

What am I missing here, why am I not able to exchange the code for an access token?




SOLUTION:

Thank you @Sridevi, my URL was indeed incorrect. For some reason, the tenant name that I got was incorrect, even though that is where Microsoft tells me to look. For anyone facing a similar issue with the URL who thinks it's their tenant name: I got a different tenant name from the Manifest.

Azure Home -> App Registration -> All Apps -> 'Choose your App' -> Manage -> Manifest -> publisherDomain -> 'Value'.onmicrosoft.com

Mine was:
"publisherDomain": "clientdevb2c.onmicrosoft.com"

I grabbed the 'clientdevb2c' part as my tenant name.


Solution

  • Initially, I registered one application with redirect URI as https://jwt.ms in my Azure AD B2C tenant:


    Now, I enabled Application ID URI and exposed an API with below scope:


    Make sure to add this scope in API permissions and grant admin consent to it:


    To request an access token, you need an authorization code. You can run the authorization request below in a browser to get the code:

    GET https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
    client_id=<application-ID>
    &nonce=anyRandomValue
    &redirect_uri=https://jwt.ms
    &scope=<application-ID-URI>/<scope-name>
    &response_type=code
    


    Once the authentication is successful, you will get code value in address bar like this:


    To request the access token in Azure AD B2C, I used the parameters below in Postman and got a response like this:

    POST https://b2ctenantname.b2clogin.com/b2ctenantname.onmicrosoft.com/B2C_1_SignIn/oauth2/v2.0/token
    grant_type:authorization_code
    client_id:appId
    scope: https://b2ctenantname.onmicrosoft.com/appId/Files.Read
    code: <code from above request>
    redirect_uri: https://jwt.ms
    client_secret: secret
    

    Response:


    You can decode this access token in jwt.ms website to find the signed-in user's Object ID:


    The error you are getting usually occurs if you include any extra/invalid character in the B2C tenant name when running the token request.

    When I ran the same token request with an extra character (-) in the tenant name, I too got the same error, like this:

    POST https://b2c-tenant-name.b2clogin.com/b2c-tenant-name.onmicrosoft.com/B2C_1_SignIn/oauth2/v2.0/token
    grant_type:authorization_code
    client_id:appId
    scope: https://b2ctenantname.onmicrosoft.com/appId/Files.Read
    code: <code from above request>
    redirect_uri: https://jwt.ms
    client_secret: secret
    

    Response:


    In your case, make sure to pass your Azure AD B2C tenant's name in the token request correctly.
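The whole flow that the question and the answer walk through (tenant name from the manifest's publisherDomain, the authorize request, picking the code out of the redirect, the token POST, and reading the oid from the token) as one added script. This is example code written for this page, not code from the asker, the answerer or Microsoft; it uses only the Python standard library, except for `requests` inside the one function that talks to b2clogin.com. Every tenant, policy, client id, scope, code and token value in it is a constructed placeholder. The tenant-name check encodes the answer's point: the label in front of `.onmicrosoft.com` is letters and digits only, so `b2c-tenant-name` or `dev.mycompanyname.net` is rejected locally instead of producing the 404.

```python
"""Azure AD B2C authorization-code exchange: URL building, code pickup,
token request and claim inspection (added example, constructed values)."""
import base64
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse

# A B2C tenant name is the label before ".onmicrosoft.com" (what the app
# manifest's publisherDomain shows). It contains only letters and digits.
TENANT_NAME_RE = re.compile(r"^[A-Za-z0-9]+$")


def is_valid_tenant_name(tenant: str) -> bool:
    return bool(TENANT_NAME_RE.match(tenant))


def tenant_name_from_publisher_domain(publisher_domain: str) -> str:
    """Extract the tenant label from a manifest publisherDomain value."""
    suffix = ".onmicrosoft.com"
    if not publisher_domain.endswith(suffix):
        raise ValueError(f"not an onmicrosoft.com domain: {publisher_domain!r}")
    tenant = publisher_domain[: -len(suffix)]
    if not is_valid_tenant_name(tenant):
        raise ValueError(f"invalid B2C tenant name: {tenant!r}")
    return tenant


def b2c_base_url(tenant: str, policy: str) -> str:
    """Both path segments carry the same tenant name; a typo in either one gives a 404."""
    if not is_valid_tenant_name(tenant):
        raise ValueError(f"invalid B2C tenant name: {tenant!r}")
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0"


def authorize_url(tenant, policy, client_id, redirect_uri, scope, nonce, state) -> str:
    """Browser-facing request; `state` is echoed back and checked in code_from_redirect()."""
    params = {"client_id": client_id, "nonce": nonce, "state": state,
              "redirect_uri": redirect_uri, "scope": scope, "response_type": "code"}
    return f"{b2c_base_url(tenant, policy)}/authorize?{urlencode(params)}"


def code_from_redirect(redirect_url: str, expected_state: str) -> str:
    """Pull ?code= out of the redirect URL, rejecting a state mismatch or an error reply."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to the request we sent")
    if "error" in query:
        raise RuntimeError(f"B2C returned {query['error'][0]}: {query.get('error_description', [''])[0]}")
    return query["code"][0]


def token_request(tenant, policy, client_id, client_secret, code, redirect_uri, scope):
    """Return (url, headers, form) for the POST; Host is derived from the URL, never typed by hand."""
    url = f"{b2c_base_url(tenant, policy)}/token"
    headers = {"Host": urlparse(url).netloc, "Content-Type": "application/x-www-form-urlencoded"}
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "scope": scope,
        "code": code,
        "redirect_uri": redirect_uri,    # must equal the one sent in the authorize request
        "client_secret": client_secret,  # confidential clients only; browser/mobile apps use PKCE instead
    }
    return url, headers, form


def exchange_code(tenant, policy, client_id, client_secret, code, redirect_uri, scope) -> dict:
    """Perform the live exchange (network call; not exercised offline)."""
    import requests  # third-party; needed only here

    url, headers, form = token_request(tenant, policy, client_id, client_secret, code, redirect_uri, scope)
    resp = requests.post(url, headers=headers, data=form, timeout=15)
    if resp.status_code == 404:
        raise RuntimeError("404 from b2clogin.com: re-check the tenant name in both path segments")
    resp.raise_for_status()
    return resp.json()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT for offline demonstration only (the signature part is a dummy)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.dummy"


def jwt_claims(token: str) -> dict:
    """Decode the payload the way jwt.ms does: no signature check, so inspection only.
    An API that relies on the token must validate signature, issuer, audience and expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":
    tenant = tenant_name_from_publisher_domain("contosob2c.onmicrosoft.com")  # constructed
    scope = "https://contosob2c.onmicrosoft.com/api/Files.Read"               # constructed
    print(authorize_url(tenant, "B2C_1_SignIn", "app-id", "https://jwt.ms", scope, "n1", "s1"))
    code = code_from_redirect("https://jwt.ms/?code=AUTHCODE123&state=s1", "s1")
    print(token_request(tenant, "B2C_1_SignIn", "app-id", "app-secret", code, "https://jwt.ms", scope)[0])
    print(jwt_claims(make_sample_token({"oid": "aaaa-bbbb"}))["oid"])
```

Run it as-is to see the URLs it would send; call `exchange_code()` only with real values from your own tenant. `jwt_claims()` is for reading the oid during debugging, as jwt.ms does; a backend that acts on the oid has to validate the token first.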