question

0 Votes
ChintanBhatt-9540 asked VenkitaRamananRamu-2139 answered

External Identity providers: how to configure code_challenge? Auth request from B2C to OIDC provider does not pass code_challenge_method in request

We have configured an OpenID Connect provider in Azure B2C that supports 'Authorization Code Flow with PKCE' (does not support implicit flow).

When the user selects the user store during login, the auth request throws an error:
"invalid_request, Error Description: Missing parameter: code_challenge_method"

It does not pass code_challenge & code_challenge_method in the request. Am I missing any configuration?
How do we pass the missing parameters from B2C?

azure-ad-b2c

0 Votes
ChintanBhatt-9540 answered JitendraRai-2073 commented

Ok, so B2C does not support PKCE for external IDPs. The reason being B2C would be considered a “confidential client” with respect to OAuth/OIDC.

Authorization code flow with client secret works fine!


Thanks and please let us know if you need more information. Here is the update for B2C - https://docs.microsoft.com/en-us/azure/active-directory-b2c/whats-new-docs#january-2021

1 Vote
VenkitaRamananRamu-2139 answered

Is this still the case that B2C doesn't support PKCE for external identities?
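
A diagnostic for the error in the question, as an added example that is not part of any post in this thread: it parses an authorization request URL (for instance one copied from the browser redirect to the IdP) and lists the PKCE parameters that are missing or malformed under RFC 7636. The host names, client ID and request values are constructed placeholders; the verifier is the RFC 7636 Appendix B test value.

```python
import base64
import hashlib
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# RFC 7636: code_verifier and code_challenge are 43-128 unreserved characters.
PKCE_VALUE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), unpadded."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pkce_findings(authorize_url: str) -> list[str]:
    """List what a PKCE-mandating IdP would object to in an authorization request."""
    q = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    findings = []
    if q.get("response_type") != ["code"]:
        findings.append("response_type is not 'code'")
    challenge = q.get("code_challenge", [])
    method = q.get("code_challenge_method", [])
    if not challenge:
        findings.append("Missing parameter: code_challenge")
    elif not PKCE_VALUE.fullmatch(challenge[0]):
        findings.append("code_challenge is not 43-128 unreserved characters")
    if not method:
        findings.append("Missing parameter: code_challenge_method")
    elif method[0] not in ("S256", "plain"):
        findings.append(f"unsupported code_challenge_method: {method[0]}")
    return findings

# Constructed sample requests; idp.example and client.example are placeholders.
BASE = {"client_id": "sample-client", "response_type": "code",
        "redirect_uri": "https://client.example/callback",
        "scope": "openid", "state": "xyz123"}
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"  # RFC 7636 Appendix B
WITHOUT_PKCE = "https://idp.example/authorize?" + urlencode(BASE)
WITH_PKCE = "https://idp.example/authorize?" + urlencode(
    {**BASE, "code_challenge": s256_challenge(VERIFIER),
     "code_challenge_method": "S256"})

if __name__ == "__main__":
    for label, url in (("without PKCE", WITHOUT_PKCE), ("with PKCE", WITH_PKCE)):
        print(label, "->", pkce_findings(url) or "ok")
```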