4
votes

I followed the steps in "Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in, profile edit, and password reset" and used the sample code to prototype Azure AD B2C for our company.

  • The only change is that I used my domain name instead of the sample domain and modified the web.config.
  • I have defined the scope and App ID for the API application.
  • I get the ID token but not the access token.

Any suggestion on what the issue could be?


2
App Id for the API app is https://*****.onmicrosoft.com/tasks/ . Scope names are "read" and "write" - frosty
In the portal there is a warning "No subscription is linked to this B2C tenant...". Does this have anything to do with no access token being returned? - frosty

2 Answers

2
votes

One of the steps is missing from the "Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in, profile edit, and password reset" documentation.

The access token is returned once you give the API access to the Web Application following the steps described here.

2
votes

I had this problem when everything about my request was correct except the scope I was requesting. I would get an id_token returned, but not an access_token. I was using the sample from here: https://dzimchuk.net/setting-up-your-asp-net-core-2-0-apps-and-services-for-azure-ad-b2c/ (a superb article by the way). I had run the app but without having defined the read_values scope in the Application Published Scopes in my Azure B2C tenant. The issue you describe manifested itself in these lines of code from that sample.

    var result = await client.AcquireTokenByAuthorizationCodeAsync(context.TokenEndpointRequest.Code, new[] { $"{authOptions.ApiIdentifier}/read_values" });

    context.HandleCodeRedemption(result.AccessToken, result.IdToken);

result.IdToken was fine, result.AccessToken was null until I correctly defined the read_values scope in my Azure B2C tenant.
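
A guard for the failure mode both answers describe, as an added example that is not part of the linked sample or of either answer: it stops code redemption when only an id_token came back and names the requested scopes that were not granted. `TokenResultGuard`, `Demo`, and the tenant URL are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: hypothetical helper, not part of the sample or of MSAL.
public static class TokenResultGuard
{
    // Requested scopes that are absent from the granted set.
    // OAuth 2.0 scope values are case-sensitive, so compare ordinally.
    public static IReadOnlyList<string> MissingScopes(
        IEnumerable<string> requested, IEnumerable<string> granted)
    {
        var grantedSet = new HashSet<string>(
            granted ?? Enumerable.Empty<string>(), StringComparer.Ordinal);
        return requested.Where(s => !grantedSet.Contains(s)).ToList();
    }

    // Throws instead of letting a null access token flow on to HandleCodeRedemption.
    public static void EnsureAccessToken(
        string accessToken, string idToken,
        IEnumerable<string> requested, IEnumerable<string> granted)
    {
        if (!string.IsNullOrEmpty(accessToken)) return;
        var missing = MissingScopes(requested, granted);
        var detail = string.IsNullOrEmpty(idToken)
            ? "no tokens were returned"
            : "only an id_token was returned";
        throw new InvalidOperationException(
            $"Code redemption yielded no access_token ({detail}). " +
            $"Requested scopes not granted: {string.Join(", ", missing)}. " +
            "Check that each scope is published on the API app and granted to the web app.");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed input: placeholder API identifier plus the scope name from the answer.
        var requested = new[] { "https://tenant.example/api/read_values" };
        try
        {
            TokenResultGuard.EnsureAccessToken(null, "constructed.id.token", requested, new string[0]);
        }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In the handler shown above, the call would go between the two quoted lines, passing `result.AccessToken`, `result.IdToken`, the requested scope array, and MSAL's `result.Scopes`.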