I have followed instructions on how to secure my API to be called from B2C Signup using OAuth2 bearer authentication. However, these instructions only outline the configuration in the custom b2c policy, but not how to configure my API itself to accept calls from B2C.
If I don't enable authentication on my API, the calls happen fine and the SignIn works perfectly. However when I enable Authentication, I get an error whilst executing the SignIn.
The error is AADB2C90027: Basic credentials specified for 'REST-GetProfile' are invalid. Check that the. Credentials are correct and that access has been granted by the resource'
Are there instructions to configure the API Authentication for this scenario?