Web authentication broker does not return with more than one scope


I'm building a UWP application and using web authentication broker for sign in. I'm using Azure B2C with another AD as an identity provider.

When requesting an authorization code, it will always return a code when the scope parameter is: scope=openid If I change this to be: scope=openid offline_access, it will not return to the application. It hangs on a blank window.

I've checked the Web Auth events and it completes successfully with an authorization code, but does not return to the application. I've tested this code by copying it and requesting an access token with it and that works every time.

When I've looked up these kind of issues, the redirects recommended to use are either: ms-app://xxxx, or urn:ietf:wg:oauth:2.0:oob. Both of these result in the error with StatusCode: 0x800C000D

Is there an issue that I'm missing here?


Here's the request. Note that both endUris here have worked, seemingly at random, then will not work again after a reinstall of the application. When it does work, getting a token using the auth code has never been an issue.

    Uri endUri = new Uri("urn:ietf:wg:oauth:2.0:oob");
    //Uri endUri = new Uri("https://<tenantName>.b2clogin.com/tfp/oauth2/nativeclient");
    string startUrl = $"https://<tenantName>.b2clogin.com/<tenantName>.onmicrosoft.com/B2C_1_signIn_SignUp_V2/oauth2/v2.0/authorize?client_id=<clientId>&response_type=code&response_mode=fragment&scope=openid offline_access&redirect_uri=" + endUri;

    Uri startUri = new Uri(startUrl);

    var webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startUri, endUri);
asked on Stack Overflow Nov 7, 2020 by Grant • edited Nov 22, 2020 by Grant

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0