Blazor WebAssembly app with IndividualB2C auth unable to retrieve access token

Problem

My standalone webassembly app is successfully able to initiate an AAD B2C sign in user flow, which returns back to the app with an id token and my user is authenticated, but I am unable to use the HttpClient to make calls to my API because the auth flow never sent back an access token, despite my confirming that the scope query parameter properly contained the API permission:

[Image: Screen Shot 2020-07-22 at 3 26 13 PM]

I believe it has something to do with MSAL.js passing along id_token instead of token for the response_type query parameter, but I have no idea why that happens or how I can control that. I have followed the documentation to set up an access token scope as you can see from the code I share below, but that doesn’t seem to work. That is to say, it properly passes it along in the scope, but an access token is never generated:

Microsoft.AspNetCore.Components.WebAssembly.Authentication.AccessTokenNotAvailableException: 'https://mytenant.onmicrosoft.com/api/api.write'

Configuration

appsettings.json

{
  "AzureAdB2C": {
    "Authority": "https://mytenant.b2clogin.com/tfp/mytenant.onmicrosoft.com/B2C_1_SignIn",
    "ClientId": "<MY_APP_CLIENT_ID>",
    "ValidateAuthority": false
  }
}

Program.cs

private const string ApiScope = "https://mytenant.onmicrosoft.com/api/api.write";

builder.Services.AddHttpClient("ServerAPI",
        client => client.BaseAddress =
            new Uri(builder.Configuration.GetValue<string>("ApiBaseUrl")))
    .AddHttpMessageHandler(sp => sp.GetRequiredService<AuthorizationMessageHandler>()
        .ConfigureHandler(
            new[] { builder.Configuration.GetValue<string>("ApiBaseUrl") },
            new[] { ApiScope }));

builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
    options.ProviderOptions.Cache.CacheLocation = "localStorage";
    options.ProviderOptions.DefaultAccessTokenScopes.Add(ApiScope);
});

builder.Services.AddOptions();
builder.Services.AddAuthorizationCore();

.NET Core SDK (reflecting any global.json):
 Version:   3.1.302
 Commit:    41faccf259

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.16
 OS Platform: Darwin
 RID:         osx-x64
 Base Path:   /usr/local/share/dotnet/sdk/3.1.302/

Host (useful for support):
  Version: 3.1.6
  Commit:  3acd9b0cd1

.NET Core SDKs installed:
  3.1.302 [/usr/local/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.App 3.1.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.1.6 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>netstandard2.1</TargetFramework>
    <RazorLangVersion>3.0</RazorLangVersion>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.1" />
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.1" PrivateAssets="all" />
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="3.2.1" PrivateAssets="all" />
    <PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="2.2.0" />
    <PackageReference Include="Microsoft.Authentication.WebAssembly.Msal" Version="3.2.1" />
    <PackageReference Include="Microsoft.Extensions.Http" Version="3.1.6" />
    <PackageReference Include="System.Net.Http.Json" Version="3.2.1" />
  </ItemGroup>

</Project>

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 12 (8 by maintainers)

Top GitHub Comments

1 reaction
captainsafia commented, Aug 31, 2020

@pheuter We’ll be shipping an upgrade to MSAL.js v2 in RC1. If you’d like to try it out early, you can grab a daily build of the SDK and try the flow with the upgraded JS bits.

0 reactions
javiercn commented, Oct 22, 2022

@pheuter I am going to close this issue because much has changed since the original report and it is very likely that any issue in this area has already been addressed. If that is not the case, please let us know.

Please note that currently the app needs to be registered as a SPA in AAD B2C and the flow we’ll do is code+PKCE. We do not support implicit flows any longer.
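
The two flows discussed in this thread can be told apart from the authorize request visible in the browser's network tab. The following is an added example, not code from the issue, ASP.NET Core or MSAL.js: the function name `classifyAuthorizeRequest`, the all-zero `client_id` and the sample URLs (built from the tenant names in the report) are constructed for illustration.

```javascript
// Added diagnostic sketch. classifyAuthorizeRequest and the sample URLs are
// constructed for illustration; they are not captured traffic or MSAL.js code.
const OIDC_SCOPES = new Set(["openid", "profile", "email", "offline_access"]);

function classifyAuthorizeRequest(authorizeUrl) {
  const params = new URL(authorizeUrl).searchParams;
  const words = (name) => (params.get(name) || "").split(/\s+/).filter(Boolean);
  const responseTypes = words("response_type");
  // Anything that is not a standard OIDC scope is treated as an API permission.
  const apiScopes = words("scope").filter((s) => !OIDC_SCOPES.has(s));
  const findings = [];
  let flow;

  if (responseTypes.includes("code")) {
    // Authorization code flow: tokens come from the token endpoint, not the redirect.
    if (params.get("code_challenge") && params.get("code_challenge_method") === "S256") {
      flow = "code+pkce";
    } else {
      flow = "code-without-pkce";
      findings.push("authorization code request lacks an S256 code_challenge");
    }
  } else if (responseTypes.includes("token") || responseTypes.includes("id_token")) {
    flow = "implicit";
    findings.push("implicit flow: tokens are returned in the redirect URL fragment");
    if (!responseTypes.includes("token") && apiScopes.length > 0) {
      findings.push("API scope requested but response_type has no 'token': only an ID token comes back");
    }
  } else {
    flow = "unknown";
    findings.push("missing or unrecognised response_type");
  }
  if (apiScopes.length === 0) findings.push("scope contains no API permission");
  return { flow, apiScopes, findings };
}

// Constructed sample requests (placeholder client_id, tenant names from the report).
const BASE = "https://mytenant.b2clogin.com/tfp/mytenant.onmicrosoft.com/B2C_1_SignIn/oauth2/v2.0/authorize";
const API_SCOPE = "https://mytenant.onmicrosoft.com/api/api.write";
function sampleUrl(extra) {
  const q = new URLSearchParams({
    client_id: "00000000-0000-0000-0000-000000000000",
    scope: `openid ${API_SCOPE}`,
    ...extra,
  });
  return `${BASE}?${q}`;
}
const reported = classifyAuthorizeRequest(sampleUrl({ response_type: "id_token" }));
const current = classifyAuthorizeRequest(sampleUrl({
  response_type: "code", code_challenge: "constructed-challenge", code_challenge_method: "S256" }));
console.log(reported, current);
```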
