Add a native client application to your Azure Active Directory B2C tenant
Native client resources need to be registered in your tenant before your application can communicate with Azure Active Directory B2C.
To register an application in your Azure AD B2C tenant, you can use our new unified App registrations experience or our legacy Applications (Legacy) experience. Learn more about the new experience.
- Sign in to the Azure portal.
- Select the Directory + subscription filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
- In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
- Select App registrations, and then select New registration.
- Enter a Name for the application. For example, nativeapp1.
- Under Supported account types, select Accounts in any organizational directory or any identity provider.
- Under Redirect URI, use the drop-down to select Public client/native (mobile & desktop).
- Enter a redirect URI with a unique scheme. For example,
com.onmicrosoft.contosob2c.exampleapp://oauth/redirect
. There are important considerations when choosing a redirect URI:- Development For development use, and desktop apps, you can set the redirect URI to
http://localhost
and Azure AD B2C will respect any port in the request. If the registered URI contains a port, Azure AD B2C will use that port only. For example, if the registered redirect URI ishttp://localhost
, the redirect URI in the request can behttp://localhost:<randomport>
. If the registered redirect URI ishttp://localhost:8080
, the redirect URI in the request must behttp://localhost:8080
. - Unique: The scheme of the redirect URI must be unique for every application. In the example
com.onmicrosoft.contosob2c.exampleapp://oauth/redirect
,com.onmicrosoft.contosob2c.exampleapp
is the scheme. This pattern should be followed. If two applications share the same scheme, the user is given a choice to choose an application. If the user chooses incorrectly, the sign-in fails. - Complete: The redirect URI must have a both a scheme and a path. The path must contain at least one forward slash after the domain. For example,
//oauth/
works while//oauth
fails. Don't include special characters in the URI, for example, underscores.
- Development For development use, and desktop apps, you can set the redirect URI to
- Under Permissions, select the Grant admin consent to openid and offline_access permissions check box.
- Select Register.