I used only one app and it still worked. Not sure why we need two apps. Also, the significance of each app is not explained.
In an ID token, why do we need two apps?
Without an application secret, how are these apps being used?
@agrabhi
Thanks for your feedback! We will investigate and update as appropriate.
@agrabhi Azure AD B2C's trust framework internally attempts to obtain a token for the IdentityExperienceFramework app (Web API) using the ProxyIdentityExperienceFramework app (Native app) during the sign-in process. You do not need to specify a secret for the client application (ProxyIdentityExperienceFramework) as it is registered as a Native application. The TokenSigningContainer key you have created is used to sign the ID and access tokens that are issued by Azure AD B2C to your relying party applications.
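Added example, not part of the thread or of the reply above: a trimmed fragment in the shape of the custom policy starter pack's `login-NonInteractive` technical profile, showing where each of the two app registrations is referenced. The two GUIDs are placeholders, and the rest of the profile's metadata is omitted.

```xml
<TechnicalProfile Id="login-NonInteractive">
  <Metadata>
    <!-- Native (public) client that requests the token; it has no secret to present. -->
    <Item Key="client_id">00000000-0000-0000-0000-PROXY-IEF-APP-ID</Item>
    <!-- Web API registration; the returned token must name this app as its audience. -->
    <Item Key="IdTokenAudience">00000000-0000-0000-0000-IEF-APP-ID</Item>
  </Metadata>
  <InputClaims>
    <!-- Sent in the token request: who is asking (client) and for which resource. -->
    <InputClaim ClaimTypeReferenceId="client_id"
                DefaultValue="00000000-0000-0000-0000-PROXY-IEF-APP-ID" />
    <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource"
                DefaultValue="00000000-0000-0000-0000-IEF-APP-ID" />
  </InputClaims>
</TechnicalProfile>
```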
@agrabhi We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
This is still not abundantly clear.
Why is the IdentityExperienceFramework app necessary? Can't the token audience be the same as the application making the request (i.e. the ProxyIdentityExperienceFramework app)?