3,281 questions
Hi @roshin.thomas you could follow the steps as detailed here.
Generating an access token from an ID token - Custom policy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 98%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
roshin.thomas
6
Reputation points
I am using a id_token to pass information to AD B2C to bootstrap a user-journey from a link (similar to email sign in ) .
The url-builder creates a link
https://tenant.b2clogin.com/tenant.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_SIGNIN_WITH_EMAIL&client_id=9----f8a-67890&redirect_uri=https://myapp.com/&nonce=9e4d18.....8302445a8069a&scope=openid&response_type=id_token&id_token_hint=eyJhb......
I have the policy B2C_1A_SIGNIN_WITH_EMAIL that would read the user info from the email and issue a token .
I am expecting the user to be able to signin to the application with the token generated from the policy. But currently it reads the user, creates the id_token but since no token is generated application goes to login prompt.
The policy is below :
Thanks
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,130 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator2023-01-10T09:46:55.677+00:00 Hi @roshin.thomas ,
Thanks for reaching out.
I understand you are trying to get the access token using custom policy.
I am not able to find that you are passing id token in any of the input claim to get the access token.
Coud you please confirm or share that reference you are using to get the access token?
Thanks, Shweta
-
roshin.thomas 6 Reputation points
2023-01-10T10:28:22.333+00:00 Thank you for your response.
I am following the post here - https://medium.com/the-new-control-plane/using-a-jwt-to-invoke-an-azure-ad-b2c-flow-using-id-token-hint-13752ee6d9df
My requirement is to be able to Sign In to my current application from a "magic link" (link in step 1) . (In the above flow email link --> signIn to application) , for the same I am using the above policy (SigninWithEmail.xml in the post modified with my additional claims).
Are there any further steps that I need to follow ?
Thanks, Roshin
Sign in to comment
1 answer
Sort by: Most helpful
-
Stephen Ebichondo 0 Reputation points Microsoft Employee2023-03-29T22:45:05.1566667+00:00