Using MSAL angular to authenticate a user against azure ADB2C via authorization code flow with Proof Key for Code Exchange.

8 min readMar 2

Previously, I switched from using oidc-client to MSAL Angular to integrate an Angular app with Azure AD for authentication. If you’re interested, you can read more here. More recently, I used MSAL Angular again to connect another application, but this time to an Azure AD B2C tenant. Since I had prior experience and Microsoft provided good documentation and sample projects to follow, connecting to Azure AD B2C using MSAL Angular was not too difficult. In this post, I share how I adapted the sample project provided by Microsoft to integrate the application with our Azure AD B2C tenant and describe a few minor obstacles that I encountered.

In the past, if you needed to authenticate users against an identity provider such as Azure AD in a single-page application, chances are you would have used the Implicit Flow. However, the Implicit Flow is not as secure as the Authorization Code Flow due to the lack of client authentication and the use of the front-channel, which makes the token susceptible to interception by attacker.

The Authorization Code Flow with PKCE is more secure than the Implicit Flow because it uses the back-channel for token delivery, which makes it less vulnerable to token interception by malicious users. In addition, the authorization server can verify the identity of the client through the use of a code verifier and code challenge, adding an extra layer of security to the process. To learn more about the protocol, you can refer to RFC 7636 article.

Azure ADB2C app registration changes

Before, I was using oid-client to authenticate users against our azure ADB2C tenant using the implicit flow. To use Authorization code flow with PKCE, I needed to update a few configs in the Authentication section of the app registration in azure ADB2C tenant.

One thing I had to do was migrating the Redirect URLs from Web to Single-page application platform. Azure ADB2C provides a convenient link to help with the migration, as shown in the below screenshot.

I also had to check the option “Allow public client flows”, as shown in the below screenshot.

Using MSAL angular to authenticate a user against azure ADB2C via authorization code flow with Proof Key for Code Exchange.

Azure ADB2C app registration changes

Written by Tai Bo

More from Tai Bo

Build and deploy an ASP.NET core app running on IIS using Azure pipelines

This tutorial walks you through the steps of creating a build and release pipeline to automatically build and deploy an ASP.NET core…

Hosting a background task in an ASP.NET core application running on IIS.

In this post, I share how I used the Microsoft.Extensions.Hosting.IHostedService interface and System.Thread.Timer class available in…

Stamp a PDF using iTextSharp for .NET core

Recently I had to implement the logic to “stamp” a PDF file in my ASP.NET core project. I found the sample codes from this SO post, which…

Fill out a PDF form using iTextSharp for .NET core.

iTextSharp is a popular library for working with PDF files. The unofficial port of the v4.16 is available for .NET core. In this post, I…

Recommended from Medium

Single Sign-On: OAUTH vs OIDC vs SAML — Part 2

Welcome to Part 2 of our series on Single Sign-On (SSO) technologies. In the previous blog post, we went through SSO, OAuth, and OpenID…

OutSystems Multi-Tenant Bulk Insert

The main question in this article is: What if I want to bulk insert data into a multi-tenant entity, how do I do it, and what is the best …

Lists

Staff Picks

Stories to Help You Level-Up at Work

Self-Improvement 101

Productivity 101

Implementing Authentication with Azure OAuth 2.0

In this article, we will explore implementing a web application using ASP.NET Core, which is secured using Azure Active Directory

Implement Azure AD Authentication in Nest JS

Hi everyone, my name is Swagata Chaudhuri, and this is my first post on Medium!! I’m a software developer by profession and love exploring…

How to Implement Keycloak Authentication in a .NET Core Application

Authentication is a crucial aspect of building secure web applications. One popular solution for authentication is Keycloak, an…

The What’s and Why’s of IOptions<>

The IOptions<> interface is a part of the Microsoft.Extensions.Options namespace and provides a type-safe way to access the sections of the…