I am building a Xamarin mobile app that has an ASP.NET Core Web API as its backend, and I want to protect it using the OAuth 2.0 authorization code flow.
Using this doc - https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oauth-code#1-get-an-authorization-code
I'm trying to get an authorization code. I send a request to the https://login.microsoftonline.com/{tenant_domain_name}/oauth2/v2.0/authorize? endpoint with these query parameters:
client_id - ID of the application added to Azure AD B2C
response_type=code
redirect_uri=redirect URL for the native application, from the application added to Azure AD B2C
response_mode=query
scope=client ID value and "offline_access" separated by whitespace
state=test_0001
p=B2C_1_CommonLogin - sign-in policy for local accounts
From the response I get the HTML login page as a string. I parse the login page string to get the ctx, flowToken and canary tokens, and send a request to the https://login.microsoftonline.com/{tenant_domain_name}/login endpoint to get the authorization code. For the POST request I use the following formatting:
string postData = string.Format($@"login={email}&passwd={password}&ctx={ctx}&flowToken={flowToken}&canary={canary}&dssoToken=");
byte[] data = Encoding.UTF8.GetBytes(postData);
And I write the data array to the request stream.
Then I call GetResponse on the request object and get "Bad request" as the response, without details. Also, in the HttpWebResponse object I see a ResponseUri that points to https://login.microsoftonline.com/te/{tenant_domain_name}/oauth2/authresp? and contains id_token, state and session_state parameters in the query.
Could you advise anything?
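
An added example, not code from the original post: it builds the authorization request from the parameters listed above with every value URL-escaped, and checks the state value on the redirect before accepting the code. The class and method names are hypothetical, and it assumes the sign-in page itself is displayed in a browser or web view, with the app handling only the redirect URL.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public static class B2CAuthCodeRequest // hypothetical helper, not part of any SDK
{
    // Random per-request state, so the value echoed back on the redirect can be verified.
    public static string NewState()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // Endpoint and parameter names are the ones listed in the post; values are caller-supplied.
    public static string BuildAuthorizeUrl(string tenant, string clientId,
        string redirectUri, string policy, string state)
    {
        var query = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["response_type"] = "code",
            ["redirect_uri"] = redirectUri,
            ["response_mode"] = "query",
            ["scope"] = clientId + " offline_access",
            ["state"] = state,
            ["p"] = policy,
        };
        // Escape every value: the redirect URI and the scope contain reserved characters.
        return "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize?"
            + string.Join("&", query.Select(kv => kv.Key + "=" + Uri.EscapeDataString(kv.Value)));
    }

    // Parses the URL the browser was redirected to; returns the code only if state matches.
    public static string ExtractCode(string redirectedUrl, string expectedState)
    {
        var fields = new Uri(redirectedUrl).Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .ToDictionary(p => Uri.UnescapeDataString(p[0]),
                p => p.Length > 1 ? Uri.UnescapeDataString(p[1].Replace("+", " ")) : "");
        if (fields.TryGetValue("error", out var error)) // OAuth 2.0 error response
            throw new InvalidOperationException(error);
        if (!fields.TryGetValue("state", out var state) || state != expectedState)
            throw new InvalidOperationException("state mismatch; response discarded");
        return fields.TryGetValue("code", out var code) ? code
            : throw new InvalidOperationException("no code in response");
    }
}
```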