
I am trying to authenticate against Azure AD B2C with Paw. I get to the point where I receive the login page, I can successfully log in, then the application loads in the same log-in window; however, the log-in dialog never goes away and stays on "Waiting for Authorization" - No code found so far.

Following Settings:

Authorization Type: OAuth2
Grant Type: Authorization Code
Client ID: xxxxx

Authorization URL: https://login.microsoftonline.com/{B2C domain}.onmicrosoft.com/oauth2/authorize?response_mode=query&p=B2C_1_signupin

Access Token URL: https://login.microsoftonline.com/{B2C domain}.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_signupin

Redirect URL: http://{application url}

Scope: offline_access
State: Nonce

Token: Bearer _____

Has anyone been successful with Azure AD B2C and Paw ?

chadgates
  • Can you check the authorization URL includes "/oauth2/v2.0/authorize"? – Chris Padgett Mar 06 '18 at 22:00
  • Yes, it does, as above .... login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/authorize?response_type=code+id_token&response_mode=query&p=B2C_1_signupin where "xxxx" stands for the domain name for the B2C Service. – chadgates Mar 07 '18 at 15:16
  • It must include the /v2.0 path: i.e. login.microsoftonline.com/xxx.onmicrosoft.com/oauth2/v2.0/authorize?.. – Chris Padgett Mar 07 '18 at 20:53
  • Thanks Chris, have done that. Created new application on Azure as was not allowed with previous Client_ID, but have same result, login dialog - successful login, waiting for credentials... – chadgates Mar 08 '18 at 08:02
  • Thank you @chadgates. Similarly, the token endpoint URL might have to be changed, to login.microsoftonline.com/xxx.onmicrosoft.com/oauth2/v2.0/token?p=... The token endpoint URL in the original question doesn't resolve to an actual host. – Chris Padgett Mar 08 '18 at 08:12
  • This might help to diagnosis: [postman b2c](https://stackoverflow.com/a/47564076/185123) – spottedmahn Mar 08 '18 at 21:06
  • @ChrisPadgett : I copied that wrong into my example, my bad. But locally I actually had it correct. – chadgates Mar 09 '18 at 14:12

1 Answer


It took me a while to figure out how to get this going too, but I eventually got it working and delivering an access token using a Sign Up and Sign In policy. The key was on this page, which describes all of the parameters:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

The key for me was this note on scope:

Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.

Sure enough, after defining my Client ID in both the Client ID and Scope fields, I got it to start returning the auth token.

To be thorough, here's how all my fields are defined:

Grant Type: Authorization Code
Client ID: <Application/Client ID>
Client Secret: <None>
Authorization URL: https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{profile}/oauth2/v2.0/authorize
Access Token URL: https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{profile}/oauth2/v2.0/token
Redirect URL: <Redirect URL>
Scope: <Application/Client ID>

JacobJ