Client credentials flow fails when credentials are passed in the authorization header

IanC 6 Reputation points
2022-12-03T18:30:51.493+00:00

The Azure B2C client credentials flow fails with the below error when the client_id and client_secret are passed in the authorization header using the basic auth scheme. When passed in the post body it works as expected.

POST https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/mypolicy/oauth2/v2.0/token
Authorization: Basic client_id:client_secret (base64 encoded)
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=myscope

{
  "error": "invalid_grant",
  "error_description": "AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again.\r\nCorrelation ID: 115a493c-f3b1-42a4-a8fd-257f4ec68e03\r\nTimestamp: 2022-12-03 18:26:36Z\r\n"
}

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Marco S. Junior 46 Reputation points
    2022-12-06T12:12:47+00:00

    I could be wrong, but I never saw any scenario where such parameters should be passed in the header.
    In order to receive a token, this requires a simple KeyValuePair list (a FORM, in other words) containing a few parameters such as grant_type and client id.

    Take a look at my code... this can probably help you to understand...

    using System.Collections.Generic;
    using System.Net.Http;
    using System.Net.Http.Json;

    // Token request body: application/x-www-form-urlencoded key/value pairs
    var formContent = new FormUrlEncodedContent(new[]{
        new KeyValuePair<string, string>("client_id", "My Client Id Here"),
        new KeyValuePair<string, string>("scope", "Your scope"),
        new KeyValuePair<string, string>("grant_type", "client_credentials"),
    });
    // Http is assumed to be an HttpClient instance (e.g. injected in Blazor); POST the form to the B2C token endpoint
    var loginResponse = await Http.PostAsync("https://xxxx.b2clogin.com/xxxxonmicrosoft.com/B2C_1_LOGIN/oauth2/v2.0/token", formContent);
    // Deserialize the JSON token response into the poster's own AccessToken model class
    AccessToken dataReceived = await loginResponse.Content.ReadFromJsonAsync<AccessToken>();


    This works... basically I start a POST whose content is a form, and the response will be the token.

    I hope this can be useful for you.

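The two request shapes discussed in the question and in the answer above, as an added example that is not part of the original post or of any Microsoft sample: the client builds a client-credentials token request with the secret either in an HTTP Basic `Authorization` header (client_secret_basic) or in the form body (client_secret_post), and a server-side helper shows how a token endpoint recovers the credentials from either location. The client ID, secret, scope, and the placeholder tenant/policy names are constructed sample values. It also carries through the rule from RFC 6749 section 2.3.1 that both values are form-urlencoded before being joined with `:` and base64-encoded, which is the step most often skipped when hand-building the header, and the rule from section 2.3 that a request must not carry credentials in both places at once.

```python
import base64
from urllib.parse import quote, unquote, urlencode, parse_qs

# Constructed sample values (not from the original post). The URL mirrors the
# question's placeholder tenant and policy names.
TOKEN_URL = "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/mypolicy/oauth2/v2.0/token"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = "p~ss:wo/rd"   # deliberately contains ':' and '/' to exercise the encoding rule
SCOPE = "https://mytenant.onmicrosoft.com/api/.default"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the client_secret_basic Authorization header value.

    RFC 6749 section 2.3.1: each value is form-urlencoded *before* the pair is
    joined with ':' and base64-encoded, so a ':' inside the secret cannot be
    mistaken for the separator.
    """
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


def build_token_request(method: str) -> dict:
    """Return the POST a confidential client would send to the token endpoint.

    method="basic": credentials only in the Authorization header (client_secret_basic)
    method="post":  credentials only in the form body (client_secret_post)
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials", "scope": SCOPE}
    if method == "basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    elif method == "post":
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    else:
        raise ValueError(f"unknown client authentication method: {method}")
    return {"method": "POST", "url": TOKEN_URL, "headers": headers, "body": urlencode(form)}


def extract_client_credentials(request: dict) -> tuple:
    """Server-side view: recover (client_id, client_secret) from either location.

    RFC 6749 section 2.3 forbids using more than one client authentication
    method in a single request, so credentials in both header and body are
    rejected rather than silently merged.
    """
    from_header = None
    auth = request["headers"].get("Authorization")
    if auth is not None:
        scheme, _, b64 = auth.partition(" ")
        if scheme.lower() != "basic":
            raise ValueError("unsupported Authorization scheme")
        decoded = base64.b64decode(b64, validate=True).decode("ascii")
        enc_id, sep, enc_secret = decoded.partition(":")   # split at the FIRST ':' only
        if not sep:
            raise ValueError("malformed Basic credentials")
        from_header = (unquote(enc_id), unquote(enc_secret))

    form = parse_qs(request["body"], keep_blank_values=True, strict_parsing=True)
    from_body = None
    if "client_id" in form or "client_secret" in form:
        from_body = (form.get("client_id", [""])[0], form.get("client_secret", [""])[0])

    if from_header and from_body:
        raise ValueError("client credentials sent in both header and body")
    if from_header:
        return from_header
    if from_body:
        return from_body
    raise ValueError("no client credentials present")


if __name__ == "__main__":
    for m in ("basic", "post"):
        req = build_token_request(m)
        print(m, req["headers"], req["body"], extract_client_credentials(req))
```

Nothing here is sent over the network; the point is to compare the two wire formats side by side and to see that a secret containing `:` survives the header round trip only because of the percent-encoding step. Whether a given B2C policy's token endpoint accepts client_secret_basic is a separate question that this example does not answer.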

  2. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2022-12-20T22:11:42.867+00:00

    Hi @IanC , sorry for the delayed response. Have you seen this document section about HTTP authentication? This is for B2C and passes the credentials in the header. With this you should be able to use the REST API properly. Please let me know if I misunderstood your question or if you need any help and I can help you further.

    Best,
    James

