Azure AD B2C -> OAuth2 -> Azure Function App Token Exchange

Question

I'm fairly new to authentication, token exchanges and Azure AD B2C.

I've built an Azure AD B2C tenant in my portal and set the Redirect URI to be localhost (an Azure Function I'm running locally on Visual Studio). I know that after the browser takes you to the redirect URI it passes the authorization_code back through the URI, I'm able to save that code as a variable in my function but I'm afraid I'm lost on what to do after that. VS

 [FunctionName("Login")]
        public static string Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {

            string name = req.Query["code"];
            return name;
        }

I know I have to make a POST request to the /token endpoint but when I pass in the authorization_code I get this response in postman

{
    "error": "invalid_request",
    "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: a79790d9-5ab8-488e-bd5a-0e1feecd1d00\r\nCorrelation ID: 6f065d48-61d3-4193-99bf-e14f3a6951aa\r\nTimestamp: 2020-01-23 20:45:33Z",
    "error_codes": [
        900144
    ],
    "timestamp": "2020-01-23 20:45:33Z",
    "trace_id": "a79790d9-5ab8-488e-bd5a-0e1feecd1d00",
    "correlation_id": "6f065d48-61d3-4193-99bf-e14f3a6951aa",
    "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

From my function how do I pass these parameters into the body to the /token endpoint? Any help would be appreciated. Best.

Answer 1

That error indicates you are using the AAD token endpoint and not the AAD B2C token endpoint.

The correct endpoints are here for AAD B2C. https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc#send-authentication-requests