How to get multiple access tokens for several web api from one web application - AzureAD B2C

solidstore 1 Reputation point

We have a web application which needs authenticated access to several Web APIs. We are using Azure AD B2C for authentication.

We receive an access token, id token, and refresh token for our first web api during login, but we are unable to get a second access token for another webapi.

The web application has given permission to both the webapi in the B2C portal.

The second /token call doesnt fail but the Access token is missing and the scopes are wrong.

Should this be possible?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,720 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Saurabh Sharma 23,776 Reputation points Microsoft Employee

    You cannot use the same authorization code more than once to get the access token for multiple API's. I suggest you can register your web api's as a single application registration with a single redirect url and access to those web api's can be managed using the scopes. You can refer to Tutorial: Grant access to an ASP.NET web API using Azure Active Directory B2C to understand how to configure the API scopes and grant access for them.

  2. Vivek Kumar 1 Reputation point
    0 comments No comments