0

I have a ReactJS application that uses Azure B2C for user sign up / sign in functionality. I want to be able to read / update the user's data that is stored in B2C via the Microsoft Graph API.

What I've done so far is request an access token for the signed-in user via acquireTokenSilent, which successfully returns a JWT token. However, when calling the Graph API I get a 401 "Access token validation failure. Invalid audience".

    function requestProfile() {
        instance.acquireTokenSilent({
            scopes: ["offline_access"],
            account: accounts[0]
        }).then((response) => {
            const token = response.idToken;
            console.log(token);
            callMsGraph(token, "GET", "https://graph.windows.net/v1.0/me").then(response => {
                setGraphData(response.data);
                console.log(response.data);
            });
        });
    }

Is this even possible?

Matthew
  • I have tried both the microsoft.com and windows.net api endpoints, windows.net being Azure AD (which made sense to me as this is a call to a b2c user identity?) Neither work for me – Matthew Jul 18 '22 at 06:31

1 Answer

2

No, it’s not possible. Either use the client credential flow and have your server call the Graph API on the user's behalf, or use the profile edit user flow.

Jas Suri - MSFT
  • Thanks for this, what we ended up doing was making a backend process that authenticates the user's JWT and then makes the change in B2C using an app registration certificate as its authentication method. That way we know the user is signed in and allowed to make changes to their own account by validation of the JWT and don't need to worry about anything else. – Matthew Jul 26 '22 at 02:46
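
The backend pattern described in the answer and its follow-up comment, as an added example (not code from either poster): validate the user's B2C token, including the audience check that Graph itself failed the ID token on, then build an app-only Graph PATCH that can only target the user named in the token. The issuer and audience strings, the editable-attribute list and the throwaway RSA key are assumptions or constructed sample data; in production the key comes from the tenant's JWKS endpoint, the target ID is assumed to be in the `oid` or `sub` claim, and the request is sent with a token obtained through the client credential flow.

```javascript
// Added example: backend check before an app-only Microsoft Graph update.
const crypto = require("node:crypto");

const b64url = (x) => Buffer.from(x).toString("base64url");

// Verify an RS256 JWT plus its iss/aud/exp claims; returns the claims or throws.
function verifyUserToken(jwt, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (claims.aud !== audience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Attributes a user may change on their own account (assumed policy).
const EDITABLE = new Set(["displayName", "givenName", "surname"]);

// Build the Graph PATCH for the token's own user; the request body never picks the target.
function buildSelfUpdate(claims, requested) {
  const id = claims.oid || claims.sub;
  if (!/^[0-9a-f-]{36}$/i.test(id || "")) throw new Error("no object id in token");
  const body = {};
  for (const [k, v] of Object.entries(requested)) {
    if (!EDITABLE.has(k)) throw new Error(`attribute not allowed: ${k}`);
    body[k] = String(v);
  }
  return { method: "PATCH", url: `https://graph.microsoft.com/v1.0/users/${id}`, body };
}

// Constructed sample data: a throwaway key pair stands in for the B2C signing key,
// and the issuer/audience values are placeholders.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const EXPECT = { issuer: "https://contoso.b2clogin.com/TENANT_ID/v2.0/", audience: "BACKEND_API_CLIENT_ID" };
function signSample(claims) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}
```
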