External Identity providers: how to configure code_challenge? Auth request from B2C to OIDC provider does not pass code_challenge_method in request

Chintan Bhatt 1 Reputation point
2021-03-02T05:37:31.157+00:00

We have configured an OpenID Connect provider in Azure B2C that supports 'Authorization Code Flow with PKCE' (it does not support implicit flow).

When the user selects the user store during login, the auth request throws an error:
"invalid_request, Error Description: Missing parameter: code_challenge_method"

It does not pass code_challenge & code_challenge_method in the request. Am I missing any configuration?
How do we pass the missing parameters from B2C?

Microsoft Entra External ID

2 answers

  1. Venkita Ramanan, Ramu 56 Reputation points
    2022-05-26T06:26:14.843+00:00

    Is it still the case that B2C doesn't support PKCE for external identities?

    1 person found this answer helpful.

  2. Chintan Bhatt 1 Reputation point
    2021-03-04T06:07:08.243+00:00

    OK, so B2C does not support PKCE for external IdPs. The reason being that B2C would be considered a “confidential client” with respect to OAuth/OIDC.

    Authorization code flow with client secret works fine!
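
To check what an authorization request actually carries, the following added example (not part of the original thread) builds an RFC 7636 S256 `code_challenge` and reports which PKCE parameters a captured request URL lacks. The endpoint, client values and function names are constructed for illustration, and it assumes the provider requires both parameters, as the error quoted in the question indicates.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; replace with a request captured from your own flow.
BASE = "https://idp.example/authorize"
COMMON = {
    "client_id": "constructed-client",
    "response_type": "code",
    "scope": "openid",
    "redirect_uri": "https://app.example/callback",
    "state": "constructed-state",
}


def make_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(32)  # 32 random bytes -> 43 base64url chars
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_request(extra=None):
    """Build an authorization request URL from the constructed sample values."""
    return BASE + "?" + urlencode({**COMMON, **(extra or {})})


def pkce_problems(auth_url):
    """List PKCE problems in an authorization request URL (empty list = OK)."""
    query = parse_qs(urlsplit(auth_url).query)
    problems = []
    if query.get("response_type") != ["code"]:
        problems.append("response_type is not 'code'")
    for name in ("code_challenge", "code_challenge_method"):
        if name not in query:
            problems.append(f"Missing parameter: {name}")
    method = query.get("code_challenge_method", [None])[0]
    if method is not None and method != "S256":
        problems.append(f"code_challenge_method is {method!r}, expected 'S256'")
    challenge = query.get("code_challenge", [None])[0]
    # An S256 challenge is an unpadded base64url SHA-256 digest: exactly 43 chars.
    if challenge is not None and not re.fullmatch(r"[A-Za-z0-9_-]{43}", challenge):
        problems.append("code_challenge is not a 43-character base64url value")
    return problems
```

Calling `pkce_problems` on the request URL seen at the provider (for example from a browser network trace) shows whether the PKCE parameters were sent at all before looking at provider-side configuration.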