Azure AD B2C -> OAuth2 -> Azure Function App Token Exchange
Question
I'm fairly new to authentication, token exchanges and Azure AD B2C.
I've built an Azure AD B2C tenant in my portal and set the Redirect URI to be localhost (an Azure Function I'm running locally on Visual Studio). I know that after the browser takes you to the redirect URI it passes the authorization_code back through the URI, I'm able to save that code as a variable in my function but I'm afraid I'm lost on what to do after that. VS
[FunctionName("Login")]
public static string Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
string name = req.Query["code"];
return name;
}
I know I have to make a POST request to the /token endpoint but when I pass in the authorization_code I get this response in postman
{
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: a79790d9-5ab8-488e-bd5a-0e1feecd1d00\r\nCorrelation ID: 6f065d48-61d3-4193-99bf-e14f3a6951aa\r\nTimestamp: 2020-01-23 20:45:33Z",
"error_codes": [
900144
],
"timestamp": "2020-01-23 20:45:33Z",
"trace_id": "a79790d9-5ab8-488e-bd5a-0e1feecd1d00",
"correlation_id": "6f065d48-61d3-4193-99bf-e14f3a6951aa",
"error_uri": "https://login.microsoftonline.com/error?code=900144"
}
From my function how do I pass these parameters into the body to the /token endpoint? Any help would be appreciated. Best.
1 answers
solution1
0 ACCPTED 2020-01-25 20:07:52
That error indicates you are using the AAD token endpoint and not the AAD B2C token endpoint.
The correct endpoints are here for AAD B2C. https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc#send-authentication-requests
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.