5

I followed the steps in "Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in, profile edit, and password reset" and used the sample code to prototype Azure AD B2C for our company.

  • The only change is that I used my domain name instead of the sample domain and modified the web.config.
  • I have defined the scope and App ID for the API application.
  • I get the ID token but not the access token.

Any suggestion on what the issue could be?


spottedmahn
frosty
  • App Id for the API app is https://*****.onmicrosoft.com/tasks/. Scope names are "read" and "write" – frosty Dec 13 '17 at 20:00
  • In the portal there is a warning "No subscription is linked to this B2C tenant...". Does this have anything to do with no access token being returned? – frosty Dec 14 '17 at 05:16

2 Answers

2

One of the steps is missing in the "Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in, profile edit, and password reset" documentation.

The access token is returned once you give the API access to Web Application following the steps described here.

spottedmahn
frosty
  • @spottedmahn why are you linking https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi all over the place in your suggested edits? – jontro Dec 15 '17 at 00:26
  • Hello @jontro - don't you find it easier to read titles than urls? And more self-documenting... – spottedmahn Dec 15 '17 at 14:04
2

I had this problem when everything about my request was correct except the scope I was requesting. I would get an id_token returned, but not an access_token. I was using the sample from here: https://dzimchuk.net/setting-up-your-asp-net-core-2-0-apps-and-services-for-azure-ad-b2c/ (a superb article by the way). I had run the app but without having defined the read_values scope in the Application Published Scopes in my Azure B2C tenant. The issue you describe manifested itself in these lines of code from that sample.

    var result = await client.AcquireTokenByAuthorizationCodeAsync(
        context.TokenEndpointRequest.Code,
        new[] { $"{authOptions.ApiIdentifier}/read_values" });

    context.HandleCodeRedemption(result.AccessToken, result.IdToken);

result.IdToken was fine, result.AccessToken was null until I correctly defined the read_values scope in my Azure B2C tenant.

ubienewbie
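Both answers describe the same symptom: the token response carries an id_token but no usable access_token for the requested scopes. The following is an added example, not code from either answer or from the linked samples; it inspects a token response and lists the requested scopes that were not granted. The tenant name, scope URIs and tokens are constructed placeholders, and it assumes the access token's `scp` claim lists short scope names separated by spaces.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class B2CTokenCheck
{
    // Base64url helpers. Decoding the payload here is diagnostic only: the signature is NOT validated.
    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static JsonElement Payload(string jwt)
    {
        string s = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(s))).RootElement;
    }

    // Returns the requested scopes that the token response did NOT grant.
    public static List<string> MissingScopes(string responseJson, IEnumerable<string> requested)
    {
        var root = JsonDocument.Parse(responseJson).RootElement;
        if (!root.TryGetProperty("access_token", out var at) || string.IsNullOrEmpty(at.GetString()))
            return requested.ToList();   // only an id_token came back: nothing was granted
        var granted = Payload(at.GetString()).TryGetProperty("scp", out var scp)
            ? scp.GetString().Split(' ', StringSplitOptions.RemoveEmptyEntries)
            : Array.Empty<string>();
        // Assumption: scp holds short scope names, so compare against the last URI segment.
        return requested.Where(r => !granted.Contains(r.Substring(r.LastIndexOf('/') + 1))).ToList();
    }

    static void Main()
    {
        // Constructed sample data: placeholder tenant, fake signatures, hand-built tokens.
        var wanted = new[] { "https://example.onmicrosoft.com/tasks/read",
                             "https://example.onmicrosoft.com/tasks/write" };
        string jwt = "e30." + B64Url("{\"scp\":\"read\"}") + ".sig";
        string idOnly = "{\"id_token\":\"e30.e30.sig\"}";
        string partial = "{\"id_token\":\"e30.e30.sig\",\"access_token\":\"" + jwt + "\"}";

        foreach (var (name, body) in new[] { ("id_token only", idOnly), ("scp=read", partial) })
        {
            var missing = MissingScopes(body, wanted);
            Console.WriteLine($"{name}: {(missing.Count == 0 ? "all scopes granted" : "not granted: " + string.Join(", ", missing))}");
        }
    }
}
```

A non-empty result points back to the two fixes given above: publish the scope on the API application and grant the web application access to that API.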