Actually I have some issues related to running code to get a token from the Microsoft Graph API.
Kindly guide me on how I can create a user flow with ROPC authentication and then how we can run it in Postman or in a Laravel controller to get a token. I tried it, but got some error. Image is attached for more clarity. Refer the 
-
This error usually pops up when the URL itself is wrong. Please ensure that the tenant name is correct. Ensure that you are using the correct custom policy from the tenant. Please go through the steps mentioned in the Microsoft docs [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-user-flow) and make sure they are followed correctly for user flows or custom flows accordingly. – sabique Jun 22 '22 at 13:50
-
I have created the user flow according to the documentation, but actually I can't understand how we can run it in Postman. Can you please upload one picture in which all things are mentioned? – amir tariq Jun 22 '22 at 14:08
1 Answer
You can follow this: Set up a resource owner password credentials flow - Azure AD B2C | Microsoft Docs
- Create a user flow in the Azure AD B2C tenant. Give it some name and check the claims that need to be returned.
- Create an app using the app registration blade for the user to access, which then has user.read and offline_access scopes. Also copy the application id or client id to use in scopes.
- Then you can go to the created user flow and run the user flow to get the endpoints and complete metadata to use.
- In Postman, you need to mention the following parameters (username, password, grant_type as password, scope as openid application-id offline_access, client_id as application-id, response_type) in the body. Highlighted are the required ones as stated in the document test-the-ropc-flow.

I tested and got the access token and id token successfully in Postman, where I gave a POST request to https://xxx.b2clogin.com/xx.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_ropcsignin (b2c_1_ropcsignin is the user flow policy name).

- You can copy the accessToken and decode it in https://jwt.io or https://jwt.ms to see the user details and claims. I got the selected claims in my user flow.
EDIT:
You can select the required claims under "Application claims" in step 2; then, if you decode the access token that you get after updating the selection, you can see the email of the user in the token claims.
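As an added example (not code from the question, the answer, or Microsoft), here is a Python script that builds the ROPC POST the answer describes and then reads the claims out of a returned token the way jwt.ms does. The tenant name `contoso`, the policy name, the client id and the credentials are placeholders to replace with your own values, and the sample token it decodes is constructed inline so the script runs offline; the live request is left commented out.

```python
"""ROPC token request against an Azure AD B2C user flow, plus claim inspection.

Added example, not taken from the original question or answer. Tenant, policy,
client id and credentials are placeholders; the sample JWT is constructed.
"""
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(tenant: str, policy: str, client_id: str,
                        username: str, password: str) -> tuple[str, dict]:
    """Return (token endpoint URL, form body) for the ROPC user flow.

    The scope is the app's own client id plus openid/offline_access, as the
    answer describes. Microsoft Graph scopes such as user.read are not accepted
    by a B2C token endpoint (that is the AADB2C90117 error in the comments).
    """
    endpoint = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com"
                f"/oauth2/v2.0/token?p={policy}")
    body = {
        "username": username,
        "password": password,
        "grant_type": "password",
        "scope": f"openid {client_id} offline_access",
        "client_id": client_id,
        "response_type": "token id_token",
    }
    return endpoint, body


def request_token(endpoint: str, body: dict) -> dict:
    """POST the form body and return the parsed JSON token response."""
    data = urllib.parse.urlencode(body).encode()
    req = urllib.request.Request(endpoint, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT WITHOUT verifying its signature.

    This mirrors what jwt.ms shows for inspection. An API that consumes the
    token must verify the signature against the policy's JWKS before it
    trusts any of these claims.
    """
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = segments[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def user_email(claims: dict):
    """Return the user's email from B2C claims, or None if it was not emitted.

    B2C places the address in the 'emails' array claim when "Email Addresses"
    is selected as an application claim; some identity providers emit 'email'.
    """
    emails = claims.get("emails")
    if emails:
        return emails[0]
    return claims.get("email")


def _sample_token() -> str:
    """Constructed, unsigned sample token; the signature segment is not valid."""
    def b64url(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = b64url({"alg": "RS256", "typ": "JWT"})
    payload = b64url({
        "iss": "https://contoso.b2clogin.com/<tenant-id>/v2.0/",
        "tfp": "B2C_1_ropcsignin",
        "name": "Example User",
        "emails": ["user@example.com"],
    })
    return f"{header}.{payload}.not-a-real-signature"


if __name__ == "__main__":
    url, form = build_token_request("contoso", "b2c_1_ropcsignin",
                                    "00000000-0000-0000-0000-000000000000",
                                    "user@example.com", "<password>")
    print("POST", url)
    # tokens = request_token(url, form)   # needs a real tenant; run live to fetch tokens
    claims = decode_jwt_claims(_sample_token())
    print("email:", user_email(claims))
```

The decode step is for inspection only: it reads whatever the payload says, so the email it returns is only meaningful once the token's signature and issuer have been verified. The `emails` claim only appears when "Email Addresses" is ticked under the user flow's application claims, which is the step the EDIT above refers to.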

-
All things are working perfectly, but I got one error while creating a token: "error": "invalid_request", "error_description": "AADB2C90117: The scope 'user.read' provided in the request is not supported.\r\nCorrelation ID: 278d7c6a-8474-4f62-a8b0-13551aaab565\r\nTimestamp: 2022-06-23 14:55:28Z\r\n". When I try to add these permissions from delegated permissions, there are no such permissions available. Kindly guide me from here. Thanks for your co-operation. – amir tariq Jun 23 '22 at 15:05
-
Azure AD B2C doesn't support accessing any Microsoft API. user.read is a Microsoft Graph delegated permission. You can try with only the Azure AD endpoint of Azure AD B2C. Please check the supporting references: [ref1](https://stackoverflow.com/questions/60384753/how-can-i-call-b2c-graph-api-from-angular), [ref2](https://stackoverflow.com/questions/63774428/azureadb2c-getaccesstokenforuserasync-error-the-scope-user-read-provided-in-t). Also please try [this](https://learn.microsoft.com/en-us/answers/questions/419620/aadb2c90117-the-scope-39userread39-provided-in-the.html). – kavyaS Jun 23 '22 at 16:31
-
I have got the access token, thanks for your co-operation. Tell me one thing: can we get the logged-in user's details or the user's email from the access token which we get from B2C AD? – amir tariq Jun 24 '22 at 11:25
-