microsoft-authentication-library-for-dotnet: AcquireTokenInteractive for AD B2C on .NET Core 3.0 WPF desktop client does not work

Which version of MSAL are you using? MSAL 4.0.0

Platform: .NET Core 3.0

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • Authorization code
    • OBO
  • Web API
    • OBO

Is this a new or existing app? This is a new app

Repro

// Creation of PublicClientApp
// Call to WithRedirectUri is commented out because that redirect URI cannot
// be added during app registration. 
public static IPublicClientApplication PublicClientApp { get; } = PublicClientApplicationBuilder.
    Create(ClientId).
    WithB2CAuthority(Authority).
    // WithRedirectUri("http://localhost").
    Build();

// ...

// Sign-in method logic
await App.PublicClientApp.AcquireTokenInteractive(App.ApiScopes).
    WithB2CAuthority(App.Authority).
    WithPrompt(Prompt.SelectAccount).
    ExecuteAsync();

Expected behavior: Call to AcquireTokenInteractive should open default browser and prompt user for login credentials. After login should return focus to app.

Actual behavior: AcquireTokenInteractive is throwing an exception: “Only loopback redirect uri is supported, but urn:ietf:wg:oauth:2.0:oob was found. Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details”.

Additional context / Logs / Screenshots: Here is the Azure portal AD B2C tenant app registration screen for native client: link

On the AD B2C app registration I cannot add custom URI “http://localhost”.

So how can a .NET Core Desktop WPF app use interactive login with B2C? Are there any other options and examples?

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 16 (8 by maintainers)

Most upvoted comments

Just an update on this - B2C have now implemented support for http://localhost:<port> so AcquireTokenInteractive will work for the Identity Providers that allow this kind of redirect uri. They will support http://localhost (no port) soon.
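
The configuration that the update above makes possible, as an added example that is not part of the original thread or MSAL's own samples: register a fixed http://localhost:<port> redirect URI on the B2C application and pass the same value to WithRedirectUri. The port 5000, the placeholder client ID, authority and scope, and the helper names IsLoopbackRedirect and IsPortFree are assumptions.

```csharp
// Added example: requires the Microsoft.Identity.Client NuGet package.
using System;
using System.Linq;
using System.Net.NetworkInformation;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class B2CLoopbackSignIn
{
    // Placeholders (assumptions): substitute the values from your own B2C app registration.
    private const string ClientId = "<your-client-id>";
    private const string Authority = "<your-b2c-authority-url>";
    private const string RedirectUri = "http://localhost:5000"; // hypothetical port; must match the registered URI
    private static readonly string[] ApiScopes = { "<your-api-scope>" };

    // The system-browser flow accepts only an http URI on the loopback interface;
    // the default urn:ietf:wg:oauth:2.0:oob is what raises the exception in the issue.
    public static bool IsLoopbackRedirect(string redirectUri) =>
        Uri.TryCreate(redirectUri, UriKind.Absolute, out var uri)
        && uri.Scheme == Uri.UriSchemeHttp
        && uri.IsLoopback;

    // MSAL has to listen on the redirect port to receive the response, so the port must be free.
    public static bool IsPortFree(int port) =>
        !IPGlobalProperties.GetIPGlobalProperties()
            .GetActiveTcpListeners()
            .Any(endpoint => endpoint.Port == port);

    public static async Task<AuthenticationResult> SignInAsync()
    {
        if (!IsLoopbackRedirect(RedirectUri))
            throw new InvalidOperationException($"Not a loopback redirect URI: {RedirectUri}");
        if (!IsPortFree(new Uri(RedirectUri).Port))
            throw new InvalidOperationException("Redirect port is already in use by another process.");

        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithB2CAuthority(Authority)
            .WithRedirectUri(RedirectUri) // same value at registration and here
            .Build();

        // Opens the default browser; MSAL receives the authorization response on the loopback port.
        return await app.AcquireTokenInteractive(ApiScopes)
            .WithPrompt(Prompt.SelectAccount)
            .ExecuteAsync();
    }
}
```

Failing early when the port is already bound gives a clear error and avoids starting a sign-in whose response could not be received by this app.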

@cswierczynski-diam Before supporting embedded browsers in the netcore target we have to make some structural changes to the library ensuring we can ship a netcore target which doesn’t have a dependency on WPF or Winforms. This work is currently in progress.

We have so far down-prioritized providing the solution in the extensibility library as we want to make this feature part of the core library. The best option so far is to use the CustomWebUI approach as outlined by @bgavrilMS.

@jennyf19 any updates on the B2C timeline?

CC: @jmprieur @jennyf19

@bgavrilMS: Thanks for the suggestions. I would like to be mindful of the time we have available for this investigation and ideally not bring something on this until netcore 3 has shipped. Will be happy to take contributions from people on this thread as well as others.