0
votes

I pulled down this example from GitHub:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-tutorials-desktop-app

It works with the original appsettings connecting to their authentication service, but when I change it to my Azure B2C application, I get a 401 error. I've tried every possible combination and gone over the instructions several times, but I still get the 401.

So then I tried connecting using Postman and the instructions I found here:

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2

And, interestingly, that works just fine. So then I pulled apart the requests to find out what was different. Apparently the example application tries to connect to the Authority at:

https://login.microsoftonline.com/tfp/tenant/policy/oauth2/v2.0/authorize

But the Postman example tries to connect to the authority at:

https://tenant.b2clogin.com/tenant/oauth2/v2.0/authorize?p=B2C_1_Sign_In

So I took it one step further and copied the security token out of Postman and jammed it into my client application. It worked!

So naturally I thought the next step would be to take the authority that I used in Postman and place it in the Desktop application. It failed. When I examined the PublicClientApplication, the authority had been truncated to just:

https://gammafourdevelopment.b2clogin.com/gammafourdevelopment.onmicrosoft.com/

Would someone please give me an idea how this API is supposed to work as none of the examples seem to be current (except the Postman example)?

1
It doesn't help because it doesn't give the complete URL of the authority. - Quarkly

1 Answer

2
votes

This authority fixes the problem:

https://{domain}.b2clogin.com/tfp/{domain}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration
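The following is an added example, not part of the answer or of the Microsoft sample: a small checker that pulls the tenant and policy out of each authority shape quoted in this thread and rewrites it into the shape given in the answer. The function names are hypothetical, and mapping a bare tenant name to `{name}.onmicrosoft.com` is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

SUFFIX = ".onmicrosoft.com"

def parse_b2c_authority(url):
    """Return (tenant, policy) from a B2C authority URL; policy is None if absent."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("authority must be an absolute https URL")
    segs = [s for s in parts.path.split("/") if s]
    policy = None
    if segs and segs[0].lower() == "tfp":   # /tfp/{tenant}/{policy}/...
        segs = segs[1:]
        if len(segs) > 1:
            policy = segs[1]
    if not segs:
        raise ValueError("no tenant segment in authority path")
    tenant = segs[0]
    p = parse_qs(parts.query).get("p")      # Postman style: ?p={policy}
    if p:
        policy = p[0]
    return tenant, policy

def to_b2clogin_authority(url):
    """Rewrite any shape quoted in the thread into the shape from the answer."""
    tenant, policy = parse_b2c_authority(url)
    if policy is None:
        # This is the case of the truncated authority in the question.
        raise ValueError("authority names no policy (user flow)")
    # Assumption: a bare tenant name maps to {name}.onmicrosoft.com.
    domain = tenant[:-len(SUFFIX)] if tenant.lower().endswith(SUFFIX) else tenant
    return (f"https://{domain}.b2clogin.com/tfp/{domain}{SUFFIX}/{policy}"
            "/v2.0/.well-known/openid-configuration")

if __name__ == "__main__":
    # The three URLs below are the ones quoted in the question.
    for u in (
        "https://login.microsoftonline.com/tfp/tenant/policy/oauth2/v2.0/authorize",
        "https://tenant.b2clogin.com/tenant/oauth2/v2.0/authorize?p=B2C_1_Sign_In",
        "https://gammafourdevelopment.b2clogin.com/gammafourdevelopment.onmicrosoft.com/",
    ):
        try:
            print(to_b2clogin_authority(u))
        except ValueError as err:
            print(f"rejected {u}: {err}")
```

The third URL is rejected because the policy is missing from it, which is the information the truncated authority in the question no longer carries.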