如何使用 B2C 和 Blazor 获取 JWT 不记名令牌

Question

I've created a new Blazor app using the Visual Studio template adding B2C using the wizard during the project creation.

All works great with authentication. I can sign in using my favorite identity provider and receive the id_token. I don't know where I can get the id_token, but I can see the claims in my user identity.

What I need help with is how do I take the information in the claims to acquire the access token. I need this token to call my endpoints.

This seems like it should be straightforward and a common thing, but I can't seem to find any good examples.

In a normal MVC app, I can get this through the ConfidentialClientApplicationBuilder.AcquireTokenByAuthorizationCode but that doesn't work in Blazor (unless I'm doing something wrong).

I've tried this: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-access-tokens

I think it'll work. How do I get "code"(id_token) in my blazor app? It's what is decoded behind the scenes and all I can find are the claims resulting from decoding the "code".

I've used the azure's "Run user flow" to access an example id_token("code") and pasted it into my project and made the call in the link above and it seems to work. I'm running into permission issues, but it's at least a successful call.

Maybe if I can just get access to the id_token I can make it work from there?

Answer 1

This seems like a client side app, similar to a SPA. In which case you must use the implicit flow, where the response type is “id_token token”, and returns an id token and access token to the browser in one call. This isn't an exact answer, but only our MSAL.js library can make this type of call, but Blazor seems to use C#, and msal .net does not do client side auth calls. acquireTokenByAuthCode() would work client side as long as you register the app as a native app, so a secret is not required.