Microsoft-authentication-library-for-js: allowPublicClient in App Registration for Auth Code Flow

Created on 28 Oct 2020  路  8Comments  路  Source: AzureAD/microsoft-authentication-library-for-js

Please follow the issue template below. Failure to do so will result in a delay in answering your question.

Library

Documentation location

  • [x] docs.microsoft.com
  • [x] MSAL.js Github Wiki
  • [ ] README file
  • [ ] Other (please fill in)
  • [ ] Documentation does not exist

Description

I am now using msal-browser 2.4.

My app registration has two redirect uris of type Spa, one for my server and one http://localhost.
My app registration has the allowPublicClient to null (or false in the UI)

Running locally (localhost), everything is OK.
Running from the server, I get the AADB2C90058 error (The provided application is not configured to allow public clients )

I found out, from a blog concerning another lib, that I need to have allowPublicClient set to true.
I did not see any mention of this neither in this repo or on Microsoft's website.

Am I doing something wrong?

b2c documentation enhancement msal-browser question
Source
picture CerosDev

All 8 comments

@CerosDev If allowPublicClient is null, then it is assumed that your client is Confidential. msal-browser supports only PublicClientApplications with PKCE. Thanks for bringing this to our attention, we will add this to our docs.

sameerag picture sameerag on 28 Oct 2020
👍1

@hamiltonha Is this something we can add to Microsoft docs?

sameerag picture sameerag on 29 Oct 2020

@sameerag @hamiltonha I'd like to also point out that according to this doc:

Do NOT select either checkbox under Implicit grant.

Which totally brake the id_hint_token invitation flow with this error:

AADB2C90057 The provided application is not configured to allow the OAuth Implicit flow.

CerosDev picture CerosDev on 29 Oct 2020

This issue has not seen activity in 14 days. It will be closed in 7 days if it remains stale.

github-actions[bot] picture github-actions[bot] on 13 Nov 2020

This issue has not seen activity in 14 days. It will be closed in 7 days if it remains stale.

github-actions[bot] picture github-actions[bot] on 28 Nov 2020

@nickgmicrosoft Can you update the docs/app registration experience to call out the nuances with the invite flow?

tnorling picture tnorling on 4 Dec 2020

Hi all, there's currently a limitation for Azure AD B2C in which the service relies purely on the access token checkbox to enable both ID token and access token implicit requests. For Azure AD B2C, you have to check that checkbox, regardless of whether you'll use ID token/implicit flow or not.

We're exploring options to update the documentation and portal experience updates to reflect this while this is the case.

nickgmicrosoft picture nickgmicrosoft on 4 Dec 2020
👍1

Closing this as there is no immediate work for msal team. @nickgmicrosoft please track this in the B2C portal activities as needed.

sameerag picture sameerag on 11 Jan 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lecaillon picture lecaillon  路  3Comments
LarsKemmann picture LarsKemmann  路  4Comments
Calamari picture Calamari  路  3Comments
ninio picture ninio  路  3Comments
jfbloom22 picture jfbloom22  路  3Comments