So I am trying to protect a web API using Azure AD B2C but when I try to access an endpoint with the token obtained using "Run user flow" I get the following exception:
System.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token.
My Code:
I created a new ASP.NET Core App and used the dialog to add authentication automatically.
Some interesting points in the code:
I tried adding the following to the appsettings.json file and it didn't help:
"AllowWebApiToBeAuthorizedByACL": true
I tried removing this from the controller and it didn't help:
// The Web API will only accept tokens 1) for users, and 2) having the "access_as_user" scope for this API
static readonly string[] scopeRequiredByApi = new string[] { "access_as_user" };
HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
In ConfigureServices I have the following code:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAdB2C"));
Azure Portal:
I created a new tenant for Azure AD B2C
I registered an application
- API Permissions
Here I have been playing a lot with it, those are the permissions I have enabled right now:
- Create User flow
Then when I run the user flow this is what I get:
Link used:
https://xxxxxxxxxxx001.b2clogin.com/xxxxxxxxx001.onmicrosoft.com/oauth2/v2.0/authorize?
p=B2C_1_user_flow_test_signinsignup
&client_id=xxxxxxxxxxxx
&nonce=defaultNonce
&redirect_uri=https%3A%2F%2Fjwt.ms
&scope=openid
&response_type=id_token
&prompt=login
I am completely new to Azure and, after researching the whole internet, I can't figure out what the issue is here, and why scp is not in the token I obtain when running the user flow from the link provided in the Azure portal.
I would really appreciate any help with what I am missing to set up or what I have set up wrongly.
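As an added illustration (not part of the question, and not Microsoft.Identity.Web's own code), the following decodes a JWT payload locally without verifying the signature and applies the same precondition the IDW10201 message describes: is a scope (scp) or roles claim present at all, and does scp contain the accepted scope. The tokens, audiences and names below are constructed placeholders; the long URI form of the scope claim type is an assumption.

```python
import base64
import json

# Claim types Microsoft identity platform tokens use for delegated scopes and app roles
# (the short "scp"/"roles" names are the ones the page's error refers to; the URI form is an assumption).
SCOPE_CLAIMS = ("scp", "http://schemas.microsoft.com/identity/claims/scope")
ROLE_CLAIMS = ("roles",)

def _b64url(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(token: str) -> dict:
    """Return the JWT payload. Inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url(parts[1]))

def inspect_token(token: str) -> dict:
    """Mirror the IDW10201 precondition: is either a scope or a roles claim present?"""
    claims = decode_payload(token)
    has_scope = any(c in claims for c in SCOPE_CLAIMS)
    has_roles = any(c in claims for c in ROLE_CLAIMS)
    # An access token carries scp or roles; an id_token requested with scope=openid carries
    # identity claims (nonce, name, ...) and neither of them, so a scope check rejects it.
    kind = "access token" if has_scope or has_roles else "id token (no scp/roles)"
    return {"has_scope_or_roles": has_scope or has_roles, "kind": kind, "aud": claims.get("aud")}

def has_any_accepted_scope(token: str, accepted: tuple) -> bool:
    """Mirror of the access_as_user check: scp is a space-separated list of granted scopes."""
    claims = decode_payload(token)
    granted = set()
    for name in SCOPE_CLAIMS:
        if name in claims:
            granted.update(str(claims[name]).split())
    return bool(granted & set(accepted))

def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned ('alg': 'none') token for local demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."

# Constructed samples with placeholder audiences (not real tenant or application ids).
ID_TOKEN = make_unsigned_token({"aud": "client-id-placeholder", "nonce": "defaultNonce", "name": "Test User"})
ACCESS_TOKEN = make_unsigned_token({"aud": "api-id-placeholder", "scp": "access_as_user"})
```

Running inspect_token on a token pasted from jwt.ms shows immediately whether it is the kind of token the scope check can ever accept.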