This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 71%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
The Azure B2C client credentials flow fails with the below error when the client_id and client_secret are passed in the authorization header using the basic auth scheme. When passed in the post body it works as expected.
POST https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/mypolicy/oauth2/v2.0/token
Authorization: Basic client_id:client_secret (base64 encoded)
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&scope=myscope
{
"error": "invalid_grant",
"error_description": "AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again.\r\nCorrelation ID: 115a493c-f3b1-42a4-a8fd-257f4ec68e03\r\nTimestamp: 2022-12-03 18:26:36Z\r\n"
}
Thanks!
I could be wrong, but I never saw any scenario where such parametes should be passed in the header.
In order to receive a token, this requires you a simple KeyValuePair (FORM, in other words) containing few parameters such as grant_type and client id.
Take a look on my code...this prob can help you to understand...
var formContent = new FormUrlEncodedContent(new[]{
new KeyValuePair<string, string>("client_id", "My Client Id Here),
new KeyValuePair<string, string>("scope", "Your scope"),
new KeyValuePair<string, string>("grant_type", "client_credentials"),
});
var loginResponse = await Http.PostAsync("https://xxxx.b2clogin.com/xxxxonmicrosoft.com/B2C_1_LOGIN/oauth2/v2.0/token", formContent);
AccessToken dataReceived = await loginResponse.Content.ReadFromJsonAsync<AccessToken>();
This works...basically I start a POST whose the content is a form and the response will be the token
I hope this can be useful for you.
Thank you for your reply but I need to pass the client_id and client_secret in the authorization header rather than the post body. I can successfully pass them in the post body and receive a token but I want to pass them in the authorization header instead.
Azure AD supports passing the client_id and client_secret in the authorization header:
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token
I'd like to do the same with B2C.
The reason for wanting to use the authorization header is because I want to obtain a token within a B2C custom policy using the REST API provider which only supports the authorization header for authentication.
Hi @IanC , sorry for the delayed response. Have you seen this document section about HTTP authentication? This is for B2C and passes the credentials in the header. With this you should be able to use the REST API properly. Please let me know if I misunderstood your question or if you need any help and I can help you further.
Best,
James