Trying to customize this policy for a JIT migration scenario where prior to authentication (ResourceOwnerPasswordCredentials-OAUTH2) other orchestration steps are necessary.
As soon as another claims exchange (REST call) is put in front of it, the B2C engine decides the local authentication step should now be handled by IsClaimsExchangeProtocolARedirectionHandler = true, making it useless for advanced situations.
Obviously? Because the moment you put a REST claims-exchanger in front of the OAuth2, B2C considers that a server-to-server auth flow. [Which in itself is listed as 'unsupported' in that document you referenced].
@sujayvsarma It makes total sense from an ROPC perspective. Thanks for pointing to that section of the documentation. Now it's about configuring native clients to follow redirects. Thanks for the insight.
@sujayvsarma Thanks for the clarification provided. :+1:
@sujayvsarma Have you been able to fulfill the ROPC flow using the redirect provided by B2C? Every time I try to follow the results of the redirect and get back to B2C's oauth2/authresp endpoint with the acquired token from STS, it responds with an error.
No. Perhaps I can help you if you tell us a little about how you've set it up and what error(s) you are seeing.