PKCE code flow for external identity provider with B2C

Bjarne Muri 46 Reputation points

An external IdP, e.g. the Norwegian Ansattporten, requires OAuth 2.1 or at least PKCE for auth even if it is a trusted client like B2C. B2C should be able to support OIDC authorization code flow with PKCE or OAuth 2.1 or OAuth auth with PKCE.

Currently B2C is missing the code challenge option and it is a needed feature.

Is it possible to use some sort of custom provider in B2C to get an auth flow with PKCE against an external IdP?

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

Accepted answer
  1. Shweta Mathur 26,976 Reputation points Microsoft Employee

    Hi @Bjarne Muri ,

    Thanks for reaching out.

    Your understanding is correct here. B2C does not support PKCE for external IdPs. The reason is that B2C would be considered a “confidential client” with respect to OAuth/OIDC.

    I checked with the product team and currently it is not supported in any way.

    This idea is already posted on the Azure Feedback Portal, which is monitored by the product team for feature enhancements. I would suggest you upvote it for greater visibility.
    Thank you for your time and patience throughout this issue.



1 additional answer

  1. Bjarne Muri 46 Reputation points

    Understand that it is not supported, but still OAuth 2.1 requires it, and the competitors have this feature. It is also an option to use this security feature in OAuth 2.
    I have upvoted the request and hope many more will do so.

    2 people found this answer helpful.