0
votes

I am trying to implement Native to Web API flow using Azure AD B2C. Ref https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oauth-code

I am stuck at figuring out the redirect URI. Azure AD supports custom scheme redirect URIs only. I guess after the authentication the browser tries to open the custom redirect URI, and the OS should be able to handle it and open an app on the machine which gets the authorization code. I am wondering how I can define a URI which works on all platforms (Linux/Windows/Mac).

Redirect URIs should follow this https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-app-registration#choosing-a-native-application-redirect-uri

The desktop app that is triggering the initial request to the Microsoft page is a Python console application.

Any help is appreciated!!

1
Typically native apps show some kind of browser view that they control. They can listen for changes in the URL, and when they detect it trying to hit that special URL, they can grab the authorization code from there. The only reason I'm not making this an answer is because I don't have any specific examples :) - juunas
That is true with Mobile devices where the redirect uri will be some appname://xyz. When OS sees this it will open the app. But I am not sure how to do this in Desktop native apps. - Venkatesh Marepalli

1 Answer

0
votes

The solution to this is to have our custom URI scheme registered on the client machine. So whenever the authentication flow is completed, the browser tries to send the request to the redirect URI, which will try to invoke the registered application on the desktop client.

Registering custom URI on Windows https://msdn.microsoft.com/en-us/library/aa767914(v=vs.85).aspx

Registering custom URI on Linux http://edoceo.com/howto/xfce-custom-uri-handler

Once these are registered, set redirect_uri on Azure to it, e.g. vnc://testapp, and the OS will identify this call and open the app with the auth code, which the user can copy and paste to generate the access_token and refresh_tokens.

If anyone has a better approach please post it.
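
As an added example (not part of the original answer), this is how the registered Python handler could validate the redirect URI the OS hands it before using the authorization code. `extract_code`, `RedirectError` and the sample values are hypothetical names; `vnc://testapp` is the example redirect URI from the answer, `code`, `state` and `error` are the standard OAuth 2.0 authorization response parameters, and it is assumed the app sent a `state` value in its authorization request and kept it.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

REGISTERED_REDIRECT = "vnc://testapp"  # example redirect_uri from the answer


class RedirectError(Exception):
    """The URI handed to the scheme handler must not be used."""


def _single(params: dict, name: str) -> str:
    # A repeated parameter is ambiguous; refuse it rather than pick one.
    values = params.get(name, [])
    if len(values) != 1:
        raise RedirectError(f"expected exactly one {name!r} parameter")
    return values[0]


def extract_code(redirect_uri: str, expected_state: str) -> str:
    """Return the authorization code carried by a custom-scheme redirect."""
    got, want = urlsplit(redirect_uri), urlsplit(REGISTERED_REDIRECT)
    # Anything on the machine can launch a custom-scheme URI, so accept only
    # the registered scheme and host, with no path and no fragment.
    if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc):
        raise RedirectError("redirect target does not match registration")
    if got.path not in ("", "/") or got.fragment:
        raise RedirectError("unexpected path or fragment")
    params = parse_qs(got.query)
    if "error" in params:
        # Authorization server reported a failure instead of issuing a code.
        raise RedirectError(f"authorization failed: {_single(params, 'error')}")
    # The state must equal the value this app sent in the authorization
    # request; otherwise the code may belong to someone else's session.
    state = _single(params, "state")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise RedirectError("state mismatch")
    return _single(params, "code")


if __name__ == "__main__":
    # Constructed sample: the URI a handler would receive in sys.argv[1].
    sample = "vnc://testapp/?code=CONSTRUCTED_CODE&state=CONSTRUCTED_STATE"
    print(extract_code(sample, "CONSTRUCTED_STATE"))
```

Because the code arrives through a scheme that any installed program can also register, the check on `state` is what ties the response to the request this app actually started.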