0
votes

Good Afternoon,

I am currently trying to authenticate our Angular client application using B2C and the following versions of the msal library:

  "@auth0/angular-jwt": "5.0.2",
  "@azure/msal-angular": "2.0.0",
  "@azure/msal-browser": "2.14.0",

I've created the custom endpoints using the guide located here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy, but whenever I try to load the login popup I get the following error:

 ServerError: invalid_request: AADB2C90012: The scope 'openid profile offline_access' provided in request is not supported

I have 'openid' and 'offline_access' permissions added to my Azure AD B2C App Registration, but as far as I can tell there is no such scope as 'profile', because I can't find it to add it. Additionally, I'm not seeing this error online, which makes me think that I'm missing something, but going over it doesn't seem to help. Does anyone know what I'm missing?

Edit - If I add the following to my custom protocol:

  <Metadata>
    <Item Key="client_id">c2cbecf3-731c-4a5c-8324-75573e20559c</Item>
    <Item Key="scopes_supported">openid profile offline_access</Item>
  </Metadata>

That error goes away but I instead get the error:

The application associated with client id '<my client id>' has no registered redirect URIs.

Which is not the case.

Edit2 - I'm not sure why 'profile' wasn't showing up in the previous app registration but I was able to create a new one and add the profile permission, but I'm still receiving the same error.

Edit3 - I've confirmed that the authorization request sent out works if only the 'openid' scope is specified, by intercepting it and modifying it before sending it out again. The most likely reason for this is that the discovery endpoint only specifies 'openapi' under 'scopes_supported'. I've tried everything I can think of and scoured the documentation to find out how to add to this variable, but have turned up empty-handed. If anyone knows how to update scopes on the custom protocols, please, please let me know.

1
Have you set the redirect url? - Carl Zhao

Yes, I've set the redirect URL in the App Registration and I can verify that msal is finding it. If I modify the redirect URL I get the error: The redirect URI 'localhost:5001/login' provided in the request is not registered for the client id <my client id> - Robert

1 Answer

0
votes

Change the protocolMode in app.module to be AAD.
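A pre-flight check for the msal-browser `auth` block that app.module hands to `PublicClientApplication`, added here as an example and not taken from the question or the answer. It flags the two things this thread turns on: a B2C authority configured with protocolMode 'OIDC' instead of 'AAD', and a redirect URI without a scheme like the 'localhost:5001/login' quoted in the comments. The field names mirror msal-browser's `Configuration.auth`, the 'AAD'/'OIDC' strings mirror its `ProtocolMode` enum, and the tenant and policy names are constructed placeholders.

```typescript
// Added example, not code from the question or the answer. Field names mirror
// msal-browser's Configuration.auth and the protocolMode strings mirror its
// ProtocolMode enum; real code would import ProtocolMode from '@azure/msal-browser'.
type ProtocolMode = 'AAD' | 'OIDC';
interface B2cAuthOptions {
  clientId: string;
  authority: string;          // https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>
  knownAuthorities: string[]; // hosts MSAL trusts without AAD instance discovery
  redirectUri: string;
  protocolMode: ProtocolMode;
}

// Scheme and host of an absolute http(s) URL, or null if the string is not one.
// 'localhost:5001/login' (quoted in the comments) has no scheme and yields null.
function httpHost(uri: string): { scheme: string; host: string } | null {
  const m = /^(https?):\/\/([^/:?#]+)/i.exec(uri);
  return m ? { scheme: m[1].toLowerCase(), host: m[2].toLowerCase() } : null;
}

// Lists misconfigurations in the auth block; an empty list means it passed.
function checkB2cAuthOptions(auth: B2cAuthOptions): string[] {
  const issues: string[] = [];
  const authority = httpHost(auth.authority);
  if (!authority || authority.scheme !== 'https') {
    issues.push(`authority '${auth.authority}' must be an https URL`);
  } else {
    if (authority.host.endsWith('.b2clogin.com') && auth.protocolMode !== 'AAD') {
      issues.push(`protocolMode is '${auth.protocolMode}'; use 'AAD' with a B2C authority`);
    }
    if (!auth.knownAuthorities.map(h => h.toLowerCase()).includes(authority.host)) {
      issues.push(`authority host ${authority.host} is not listed in knownAuthorities`);
    }
  }
  // B2C accepts only https redirect URIs, except http://localhost for development.
  const redirect = httpHost(auth.redirectUri);
  if (!redirect || (redirect.scheme !== 'https' && redirect.host !== 'localhost')) {
    issues.push(`redirectUri '${auth.redirectUri}' must be https:// or http://localhost`);
  }
  return issues;
}

// Constructed sample: client id as quoted in the question; tenant/policy are placeholders.
const brokenAuth: B2cAuthOptions = {
  clientId: 'c2cbecf3-731c-4a5c-8324-75573e20559c',
  authority: 'https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/B2C_1A_signup_signin',
  knownAuthorities: ['exampletenant.b2clogin.com'],
  redirectUri: 'localhost:5001/login', // scheme missing, as in the comment thread
  protocolMode: 'OIDC',
};
const fixedAuth: B2cAuthOptions = { ...brokenAuth, redirectUri: 'http://localhost:5001/login', protocolMode: 'AAD' };
```

Running `checkB2cAuthOptions(brokenAuth)` reports the protocolMode and redirectUri problems, while `fixedAuth` passes cleanly.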