Getting Error AADB2C99067 when trying to request access token from Azure B2C

Time:07-30

I have an Azure AD B2C tenant setup with an Angular app on the front-end using Authorization Code Flow with PKCE and a back-end api. Everything is working fine. I now have a need to allow the user to access certain pages on the front-end anonymously. I would prefer to still protect the apis these pages will call using the same access token.

I have followed the article here to set up Client Credentials flow. I am able to get an access token successfully using Postman and use it to call my back-end apis fine. However, when I try to do the same from the Angular app, I get the following error:

{"error":"invalid_request","error_description":"AADB2C99067: Public Client XXXXX-XXXXXX is not supported for Client Credentials Grant Flow\r\nCorrelation ID: 2b3346ef-1828-4900-b890-06cdb8e0bb52\r\nTimestamp: 2022-07-28 04:12:21Z\r\n"}

Below is the code snippet I am using in Angular to retrieve the access token.

import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
@Injectable({ providedIn: 'root' })
export class TokenService {
  constructor(private httpClient: HttpClient) {}
  // Client credentials request sent straight from the browser (the call that returns AADB2C99067)
  getAccessToken() {
    const urlencoded = new URLSearchParams();
    urlencoded.set('grant_type', 'client_credentials');
    urlencoded.set('client_id', '<clientid>');
    urlencoded.set('client_secret', '<clientsecret>');
    urlencoded.set('scope', '<scope>');
    const httpOptions = {
      headers: new HttpHeaders({ 'Content-Type': 'application/x-www-form-urlencoded' }),
    };
    const url = 'https://<b2ctenant>.b2clogin.com/<b2ctenant>.onmicrosoft.com/<customPolicy>/oauth2/v2.0/token';
    return this.httpClient.post(url, urlencoded, httpOptions);
  }
}

Any ideas what could be missing?

Thanks!

CodePudding user response:

Though Azure AD B2C supports the client credentials flow, one may not use it with SPA apps. This scenario is not supported by MSAL.js. The client credentials flow/grant type will not work in SPAs (Angular) because browsers cannot securely keep client secrets, as they may end up in the browser, visible to everyone and to attackers that load them.

Note: As the application's own credentials are being used, they must be kept safe; never publish that credential in your source code.

If you are using it for a web app, please make sure to select the platform as Web or change the reply URL type to Web.

"replyUrlsWithType": [
    {
        "url": "https......",
        "type": "Web"
    }
]

Please refer to:

  1. Configure authentication in a sample Angular SPA by using Azure Active Directory B2C | Microsoft Docs
  2. OAuth 2.0 client credentials flow on the Microsoft identity platform- Microsoft Entra | Microsoft Docs
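As an added example (not code from the question, the answer, or Microsoft), this is the same client credentials request moved to a Node 18+ backend, where the secret can live in an environment variable and the SPA only ever talks to the backend. The tenant, policy, client ID, scope and environment variable name are assumed placeholders; the error parser is written for the error_description format quoted in the question.

```javascript
// Sample error payload, constructed from the one quoted in the question.
const SAMPLE_B2C_ERROR = {
  error: 'invalid_request',
  error_description: 'AADB2C99067: Public Client XXXXX-XXXXXX is not supported for Client Credentials Grant Flow\r\n' +
    'Correlation ID: 2b3346ef-1828-4900-b890-06cdb8e0bb52\r\nTimestamp: 2022-07-28 04:12:21Z\r\n',
};
const B2C_ERROR_RE = /^(AADB2C\d+): ([\s\S]*?)\r?\nCorrelation ID: (\S+)\r?\nTimestamp: ([^\r\n]+)/;

// Guard: if a browser global is present, this code has been bundled into a SPA by mistake.
function assertServerSide() {
  if (typeof window !== 'undefined') {
    throw new Error('client_credentials must not be used from browser code');
  }
}

// Build the token request for the B2C custom-policy endpoint the question uses.
function buildClientCredentialsRequest({ tenant, policy, clientId, clientSecret, scope }) {
  assertServerSide();
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    scope,
  });
  return {
    url: `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${policy}/oauth2/v2.0/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Split an AADB2C error_description into code, message, correlation ID and timestamp,
// so the backend can log the correlation ID for support without echoing the whole message.
function parseB2cError(errorJson) {
  const m = B2C_ERROR_RE.exec(errorJson.error_description || '');
  if (!m) return { error: errorJson.error, code: null, message: errorJson.error_description };
  return { error: errorJson.error, code: m[1], message: m[2], correlationId: m[3], timestamp: m[4] };
}

// Exchange the secret for an access token; B2C_CLIENT_SECRET is an assumed env var name.
async function getAccessToken(cfg) {
  const req = buildClientCredentialsRequest({ ...cfg, clientSecret: process.env.B2C_CLIENT_SECRET });
  const res = await fetch(req.url, { method: 'POST', headers: req.headers, body: req.body });
  const json = await res.json();
  if (!res.ok) throw Object.assign(new Error('token request failed'), parseB2cError(json));
  return json.access_token;
}
```

The SPA then calls this backend (which should itself apply its own authorization rules for the anonymous pages) and receives only the resulting access token, never the client secret.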