发表新帖
发表新帖

Azure AD B2C: Clients must send a client_secret when redeeming a confidential grant

前端 未结
关注
3 1725
长发绾君心
长发绾君心 2021-01-19 02:00

I try to setup authentification for an Angular app using authorization code and Azure AD B2C (oidc-client on client side), but I\'m getting these errors from Angular:

<
3条回答
  • 暖寄归人
    暖寄归人 (楼主)
    2021-01-19 02:41

    I had the exact same issue as you and was just able to resolve it.

    AD is requesting the client_secret from you, because it isn't configured for PKCE yet. To tell AD that you want to use PKCE for a specific redirect url you need to set its type from 'Web' to 'Spa'. This can be done in the manifest.

    Search for the property replyUrlsWithType in the Manifest and look for your .../signin-callback url. Change its type to 'Spa' and you should be good.

    eg.:

    "replyUrlsWithType": [
    {
        "url": "http://localhost:8080/signin-callback",
        "type": "Spa"
    },
]

    The configured url will now disappear from your Authorization page but thats ok -> it's still present in the Manifest. The MS team is working on this new type.

    Also make sure you marked your application as a public client.

    For more information, see my answer here: Is Active Directory not supporting Authorization Code Flow with PKCE?

    0 讨论(0)
 看不清?
提交回复
热议问题