Azure AD B2C Resource Owner Password Credentials Authentication

Question

In my application I want to call Azure Web API using Resource Owner Password Credential flow. I have implemented Azure AD b2c Auth for my Web API. I have created 2 Application in Azure, one for Web API and Native client App for ROPC. I gave WEB Api Access in ROPC app. I followed this article and got the Token from ROPC app. But when i pass my ROPC token to Web API I am getting 401. I dont know how to pass the scope of my web api scope in ROPC Token Request. Any help would be appreciated

Thanks in Advance, Subbiah K

Ramakrishna Ramakrishna · Accepted Answer · 2019-11-27T05:42:14

When you are requesting /token from Native APP (ROPC flow), you can add scopes in the request.

From the doc scope default set to

openid <ApplicationId/ClientId> offline_access

Modify this to like below to add scopes from Web API app. Make sure you should not put ClientId in scope

`openid https://tenant.onmicrosoft.com/hello/demo.read https://tenant.onmicrosoft.com/hello/user_impersonation offline_access`

Hope you already given API access (scopes) to Native Application.

Once you get access_token, that token will contain all the scopes you requested and you can send this to Web API to authorize.

Azure AD B2C Resource Owner Password Credentials Authentication

1 Answers