Rory Braybrook
Aug 20 · 2 min read

First read my previous post on “Using Proof Key for Code Exchange (PKCE) in ADFS for Windows Server 2019”.

This gives an overview of PKCE and the required C# code to generate the “code_verifier” and the “code_challenge”.

Azure AD B2C is pretty similar.

We create a web application:

You can enter the “Redirect URI” under “Reply URL”. I’m going to use Postman, so the “Redirect URI” here is really a dummy entry; in practice, it would point to your application.

Create a secret key under “Keys”.

The GET to the /authorize endpoint from the browser is:

https://my-tenant.b2clogin.com/my-tenant.onmicrosoft.com/oauth2/v2.0/authorize

?response_type=code

&client_id=25bd…9521

&scope=openid

&redirect_uri=https://jwt.io

&prompt=login

&code_challenge=_r67lcj4MoDNBAkhxS7ke_YKhKCBAiM0SgzNCagbCxo

&code_challenge_method=S256

&p=B2C_1_SUSI_V2

Note that you need the policy parameter “p=”, set to one of the policies you created in B2C.

This brings up the Azure AD B2C login screen.

Authenticate and you’ll be redirected to:

https://jwt.io/?code=eyJraWQiOiJjcGlt

The POST command to the /token endpoint is:

where the “code” is as returned above.

Notice that the policy needs to be in the query string.

This returns:

Success!

The “code_challenge_method=plain” also works but “S256” is preferred.

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.
