Trying to understand the best approach to expose a multi-tenant app registered in an Azure AD tenant to an Azure B2C tenant. What we have tried so far is:
- Registered a multi-tenant app in an Azure AD tenant (tenant A)
- Exposed the app in B2C tenant (tenant B), by hitting the admin consent url like: http://login.microsoftonline.com/common/adminconsent?client_id=clientid_of_app_in_tenantA
- Logged in with a B2C tenant B account on the admin consent screen. Doing so, we can now see the app listed under Enterprise Applications in Azure B2C tenant B. I believe some people also refer to this as the service principal of the app.
The issue we are running into is that once we try to use MSAL to acquire a token for that client, with the authority URL being the B2C tenant with sign-in policy, it throws an error saying:
AADB2C90018: The client id 'client_id_from_tenant_A" is not registered in tenant b2c tenant B
We were expecting that, now that the client from tenant A is exposed in the B2C tenant B, we would be able to acquire the token for that client, but we are not sure what's missing from our setup. We appreciate any help or guidance you can provide.
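The question touches two different authorities: the admin consent URL on `login.microsoftonline.com/common` and the B2C authority that MSAL is pointed at for the token request. The following is an added, constructed example (not code from the question, from MSAL, or from Microsoft) that builds both URL shapes, checks the admin consent callback against the `state` value sent out, and splits an `AADB2C...` error string into its code and message so it can be logged or matched. The tenant name `contosob2c`, the policy `B2C_1_signin`, the client ID GUID and the redirect URI are placeholders; nothing here touches the network.

```python
import re
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed example: URL shapes for the two authorities the question mixes.
# All client IDs, tenant names and redirect URIs below are placeholders.

AAD_ADMIN_CONSENT = "https://login.microsoftonline.com/common/adminconsent"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
B2C_ERROR_RE = re.compile(r"^(AADB2C\d{5}):\s*(.+)$")


def build_admin_consent_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Admin consent URL for a multi-tenant Azure AD app (the 'common' endpoint).

    Always https, and carries a redirect_uri plus an opaque state so the
    callback can be tied back to the request that started it.
    """
    if not GUID_RE.match(client_id):
        raise ValueError("client_id must be an application (client) ID GUID")
    if urlparse(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must use https")
    query = urlencode(
        {"client_id": client_id, "redirect_uri": redirect_uri, "state": state}
    )
    return f"{AAD_ADMIN_CONSENT}?{query}"


def build_b2c_authority(tenant_name: str, policy: str) -> str:
    """Authority URL MSAL is given for a B2C tenant plus user flow/policy.

    Shape: https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}
    User flows are named B2C_1_..., custom policies B2C_1A_....
    """
    if not re.fullmatch(r"[a-z0-9]+", tenant_name):
        raise ValueError("tenant_name is the short B2C tenant name, e.g. 'contosob2c'")
    if not re.match(r"^B2C_1A?_[A-Za-z0-9_]+$", policy):
        raise ValueError("policy must be a B2C_1_ user flow or B2C_1A_ custom policy")
    return f"https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/{policy}"


def parse_admin_consent_callback(callback_url: str, expected_state: str) -> dict:
    """Read the redirect Azure AD sends back after the admin consent screen.

    Success carries admin_consent=True and the consenting tenant's ID;
    failure carries error and error_description. A callback whose state
    does not match the value sent out is rejected.
    """
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if q.get("state") != expected_state:
        return {"ok": False, "reason": "state mismatch"}
    if q.get("admin_consent", "").lower() == "true":
        return {"ok": True, "tenant": q.get("tenant")}
    return {"ok": False, "reason": q.get("error"), "detail": q.get("error_description")}


def classify_b2c_error(error_description: str) -> dict:
    """Split an MSAL/B2C error_description into its AADB2C code and message."""
    m = B2C_ERROR_RE.match(error_description.strip())
    if not m:
        return {"code": None, "message": error_description}
    return {"code": m.group(1), "message": m.group(2)}


if __name__ == "__main__":
    # Placeholder values; the GUID is not a real application ID.
    print(build_admin_consent_url(
        "00000000-0000-0000-0000-000000000001", "https://app.example/consent", "abc123"))
    print(build_b2c_authority("contosob2c", "B2C_1_signin"))
    print(classify_b2c_error(
        "AADB2C90018: The client id 'x' is not registered in tenant 'y'"))
```

The point the two builders make visible is that the consent grant is performed against `login.microsoftonline.com/common`, while the token request in the question goes to the B2C tenant's own `b2clogin.com` host with a policy in the path; the `AADB2C90018` code is raised by that second authority, so the code extracted by `classify_b2c_error` tells you which side of the setup produced it.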