Extracting Authorization code from AD B2C

Time:02-24

I want to extract an authorization code from B2C but without logging in to it. Is that possible?

I am looking to get tokens for Alexa skill linking without requiring a user to be present.

What exactly I have a problem with:

Account linking issue

  1. Can the backend of the app ask for an authorization code from B2C directly without a login screen?

  2. What do they mean in the diagram by "your's app backend Server"?

CodePudding user response:

As @DaveD answered, you get an authorisation code using the authorisation code grant and for that, you have to log in.

If you don't want to log on, you can use client credentials but that does not have an authorisation code. B2C does not currently support this.

If you don't want to log on, you can use ROPC but that does not have an authorisation code.

Perhaps you are rather looking to acquire an access token?

CodePudding user response:

Based on your attached image I don't think the interaction here is to do with B2C, it's all to do with Amazon.

The sequence diagram shows an app interacting with Amazon/Alexa, effectively to perform a login and retrieve an authorization_code. The code is coming from Amazon/Alexa, not from B2C.

It's showing that a backend app should receive that authorization_code then exchange it with Amazon for a set of tokens, i.e. an access_token allowing you to access the Alexa Service, and a refresh_token so you can refresh that access_token when it expires without requiring additional user input.

The authorization_code that the diagram is telling you to retrieve is that authorization_code originally returned from Amazon/Alexa. It's the same one that you used to acquire the access_token and refresh_token (at least by my understanding of what's presented solely in the diagram).

The backend server in the diagram is your app's backend server, it's where your code is that handles user authentications, interacts with databases and caches, that kind of thing. What exactly the backend server is in your case will depend on the architecture of your particular solution, there isn't necessarily an easy answer to this.

The only part of the diagram that would be handled by B2C is the very first two steps where the user logs in and has a token returned. However, the diagram assumes that that login is handled by your app, it's not showing authentication against some external token service like B2C, so it's important to understand that "backend server" here is not B2C.
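
The flow both answers describe, as an added example that is not part of the original thread: a toy in-memory authorization server (constructed; it models neither B2C nor Amazon, and every name and value in it is an assumption) showing that a code is issued only after a user signs in, that the backend exchanges it exactly once, and that the refresh token then works with no user present.

```python
import secrets

class ToyAuthServer:
    """In-memory stand-in for an authorization server (constructed, not B2C or Amazon)."""
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client = (client_id, client_secret, redirect_uri)
        self.codes = {}    # authorization code -> user
        self.refresh = {}  # refresh token -> user
    def authorize(self, client_id, redirect_uri, authenticated_user):
        # Front channel: a code is minted only after an interactive sign-in.
        if (client_id, redirect_uri) != (self.client[0], self.client[2]):
            raise PermissionError("invalid_request")
        if authenticated_user is None:
            raise PermissionError("login_required")
        code = secrets.token_urlsafe(16)
        self.codes[code] = authenticated_user
        return code
    def token(self, grant_type, client_id, client_secret, **params):
        # Back channel: only the app's backend server holds client_secret.
        if client_id != self.client[0] or not secrets.compare_digest(client_secret, self.client[1]):
            raise PermissionError("invalid_client")
        if grant_type == "authorization_code":
            user = self.codes.pop(params["code"], None)  # single use: popped on first exchange
            if user is None or params.get("redirect_uri") != self.client[2]:
                raise PermissionError("invalid_grant")
        elif grant_type == "refresh_token":
            user = self.refresh.pop(params["refresh_token"], None)  # rotated on use
            if user is None:
                raise PermissionError("invalid_grant")
        else:
            raise ValueError("unsupported_grant_type")
        new_refresh = secrets.token_urlsafe(16)
        self.refresh[new_refresh] = user
        return {"access_token": secrets.token_urlsafe(16), "refresh_token": new_refresh, "user": user}

def demo():
    cid, secret, cb = "skill-client", "s3cret-constructed", "https://example.invalid/cb"
    srv, out = ToyAuthServer(cid, secret, cb), {}
    try:
        srv.authorize(cid, cb, authenticated_user=None)  # backend asks with no user present
    except PermissionError as e:
        out["no_login"] = str(e)
    code = srv.authorize(cid, cb, authenticated_user="alice")  # user signed in once
    first = srv.token("authorization_code", cid, secret, code=code, redirect_uri=cb)
    try:
        srv.token("authorization_code", cid, secret, code=code, redirect_uri=cb)  # replayed code
    except PermissionError as e:
        out["replay"] = str(e)
    later = srv.token("refresh_token", cid, secret, refresh_token=first["refresh_token"])
    return {**out, "refreshed_for": later["user"], "new_access": later["access_token"] != first["access_token"]}
```

The `user` field in the token response exists only so the demo can show whose tokens were refreshed; a real token endpoint does not return it this way.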
