First read my previous post on “Using Proof Key for Code Exchange (PKCE) in ADFS for Windows Server 2019”.
This gives an overview of PKCE and the required C# code to generate the “code_verifier” and the “code_challenge”.
Azure AD B2C is pretty similar.
We create a web application:
You can enter the “Redirect URI” under “Reply URL”. I’m going to use Postman so the “Redirect URI” is really a dummy entry for redirection but in practice, this would be for your application.
Create a secret key under “Keys”.
The GET to the /authorize endpoint from the browser is:
Note that you need the policy query parameter “p=”, where the policy is one of the policies you created in B2C.
This brings up the Azure AD B2C log in screen.
Authenticate and you’ll be redirected to:
The POST command to the /token endpoint is:
where the “code” is as returned above.
Notice that the policy needs to be in the query string.
The “code_challenge_method=plain” also works but “S256” is preferred: with “plain” the code_challenge sent in the browser’s /authorize request is the code_verifier itself, so anything that can see that request (browser history, proxy logs) can also complete the token exchange, whereas with “S256” only the SHA-256 hash is exposed.
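As an added example (not code from the post, which uses C# and Postman), the PKCE pieces of the flow above in Python: generating the code_verifier, deriving the S256 or plain code_challenge, building the /authorize URL and the /token request with the “p=” policy in the query string, and the check the token endpoint performs. The tenant name, client id, policy name and reply URL are placeholders, and the b2clogin.com endpoint shape is an assumption rather than something the post shows.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholders (assumed, not taken from the post): fill in your own values.
TENANT = "contoso"                                   # hypothetical B2C tenant
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder application id
POLICY = "B2C_1_signupsignin"                        # hypothetical policy name
REDIRECT_URI = "https://localhost/dummy"             # dummy reply URL, as in the post
BASE = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/v2.0"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy verifier; 32 random bytes give 43 unreserved characters."""
    return b64url(secrets.token_bytes(nbytes))

def make_code_challenge(verifier: str, method: str = "S256") -> str:
    """plain: challenge == verifier (verifier exposed); S256: SHA-256 hash only."""
    if method == "plain":
        return verifier
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    raise ValueError("unsupported code_challenge_method")

def authorize_url(verifier: str, method: str = "S256") -> str:
    """GET sent by the browser; note the p= policy parameter."""
    params = {"p": POLICY, "client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "scope": "openid offline_access",
              "code_challenge": make_code_challenge(verifier, method),
              "code_challenge_method": method}
    return f"{BASE}/authorize?" + urlencode(params)

def token_request(code: str, verifier: str) -> tuple[str, dict]:
    """POST to /token: policy stays in the query string, verifier goes in the body."""
    url = f"{BASE}/token?" + urlencode({"p": POLICY})
    body = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI, "code": code, "code_verifier": verifier}
    return url, body

def server_check(challenge: str, method: str, verifier: str) -> bool:
    """What the token endpoint does: recompute the challenge from the presented verifier."""
    return secrets.compare_digest(make_code_challenge(verifier, method), challenge)
```

The S256 test vector from RFC 7636 appendix B can be used to confirm the challenge derivation matches what B2C expects.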