This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
An external IDP, eg, the Norwegian ansattporten requiers OAUTH 2.1 or at least PKCE for auth even if it is a trusted client like B2C. B2C should be able to support oidc authorization code flow with pkce or OAUTH 2.1 or OAUTH auth with PKCE.
Currently B2C is missing the code challange option and it is a needed feature.
Is it possible to use som sort of custom provider in B2C to get auth flow with PKCE agiant external IDP?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Bjarne Muri ,
Thanks for reaching out.
Your understanding is correct here. B2C does not support PKCE for external IDP’s. The reason being B2C would be consider a “confidential client” in respect to OAuth/OIDC.
I checked with product team and currently it is not supported in any way.
This idea is already posted on Azure Feedback Portal, which is monitored by the product team for feature enhancements. I would suggest you to upvote that for greater visiblity.
Thank you for your time and patience throughout this issue.
Thanks,
Shweta
Understand that it is not supported, but still OAUTH2.1 requiers it.. and the competetors have this feature. It is also an option to use this security feature in OAUTH2..
I have upvodted the request and hope many more will do so.