0 votes

I'm trying to call /me on the Microsoft Graph API after logging into an Azure B2C Active Directory from iOS.

Using the sample application at: https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msa I've replaced the constants such that sign-up and sign-in work. I've set the kGraphURI to https://graph.microsoft.com/v1.0/me. The code looks like this:

```swift
let kTenantName = "mytenant.onmicrosoft.com"          // B2C tenant
let kAuthorityHostName = "mytenant.b2clogin.com"      // B2C authority host
let kClientID = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" // app registration (client) ID
let kSignupOrSigninPolicy = "B2C_1A_signup_signin"    // custom sign-up/sign-in policy
let kGraphURI = "https://graph.microsoft.com/v1.0/me" // endpoint called after sign-in
let kScopes: [String] = ["https://mytenant.onmicrosoft.com/api/user_impersonation"] // custom API scope
```

The value for kScopes is set to the only API my application has available, which was created as part of the instructions for setting up user policies.

When I try to call https://graph.microsoft.com/v1.0/me I get back:

```json
{ "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure.", "innerError": { "request-id": "e923673f-25cb-44be-b3b9-94eda660d4f6", "date": "2020-02-11T08:31:24" } } }
```

If I try to set kScopes to https://graph.microsoft.com/User.Read I get an error:

```
Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=FFCCD1D4-F0C8-46E6-85B2-A5642F1D4E1D}
```

How do I call the /me Microsoft Graph API with an access token from Azure B2C Active Directory?

1
It seems that you are trying to get an access token for Microsoft Graph via a B2C user authenticated against the B2C endpoints? It's impossible. Graph API should be accessed via the AAD auth endpoint. So you can get the access token for a custom web API rather than Microsoft Graph. - Allen Wu
You got any answer? Because I am facing the same issue. - Abdul Basit

1 Answer

5 votes

You cannot use the Azure AD B2C issued access tokens to call Azure AD or Microsoft Graph API. You must have the user call your API, and your API needs to use client_credentials to obtain a token for Graph API using the Azure AD token endpoint of your B2C directory. Then the API can query Graph API for the user and return the result.

Azure AD B2C access tokens can only be used to access your own protected resources.
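The flow the answer describes, written out as an added example that is not part of the original answer or of Microsoft's sample app: the backend API checks that the caller's B2C token was issued for the API itself (the `aud` claim), takes the user's object id from the `oid` claim, obtains an app-only Graph token with client_credentials from the Azure AD token endpoint of the B2C directory, and looks the user up under `/users/{oid}`. The tenant, app ids, secret and the injected `http_post`/`http_get` transports are assumptions so the flow can run offline.

```python
import base64
import json
from urllib.parse import urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # app-only Graph permissions


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_claims(token: str) -> dict:
    # Reads the payload only. A real API must verify the token signature
    # against the B2C policy's JWKS before trusting any claim in it.
    return json.loads(_b64url_decode(token.split(".")[1]))


def make_unsigned_jwt(claims: dict) -> str:
    # Constructed sample token for offline use (alg "none", empty signature).
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(claims)}.'


def client_credentials_request(tenant: str, client_id: str, client_secret: str):
    # Azure AD token endpoint of the B2C directory, not the b2clogin.com policy endpoint.
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": GRAPH_SCOPE})
    return url, body


def handle_me(b2c_token: str, api_client_id: str, tenant: str, client_id: str,
              client_secret: str, http_post, http_get) -> dict:
    """Backend /me handler: accept the B2C token only if it was issued for this
    API, then fetch the user from Graph with an app-only token. http_post and
    http_get are injected (assumed) transports returning parsed JSON."""
    claims = jwt_claims(b2c_token)
    if claims.get("aud") != api_client_id:  # issued for another resource: reject
        raise PermissionError("token audience is not this API")
    oid = claims["oid"]  # directory object id of the signed-in B2C user
    url, body = client_credentials_request(tenant, client_id, client_secret)
    graph_token = http_post(url, body)["access_token"]
    return http_get(f"https://graph.microsoft.com/v1.0/users/{oid}",
                    {"Authorization": f"Bearer {graph_token}"})
```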