KristianDahl-2115 asked ·

Why does an Azure AD B2C application with allowPublicClient = null work as if it were set to true when I log in with MSAL?

I recently created an Azure AD B2C application and noticed, by looking in the manifest, that the property allowPublicClient defaulted to null after creation. On the Authentication page for the application in the Azure UI it shows as having the value "No" under Allow public client flows.

I was using it to log in to my application with MSAL 2.0 (msal-browser) using OAuth PKCE, and it worked. If I set it to true it also works, but if I set it to false I get the error: AADB2C90058: The provided application is not configured to allow public clients.

My question is: why can I log in with allowPublicClient = null when it shows as false in the UI? If null is false, I should get the error AADB2C90058 just like when it's actually set to false.


By default the setting is set to No (confidential client). Changing to ‘Yes’ converts the default client type to public client. In the application manifest file, this setting is “allowPublicClient” which can be set to true for public client and false or null for confidential client.

This setting is not about the Identity Provider (Azure AD)’s security feature. It is about the client application’s design flow and the environment the application is used in. Changing the type does not cause Azure AD to provide any more or less security protection for the application than the other setting. It only changes what Azure AD expects from the client application during authentication. A confidential client is expected to provide a secret (or assertion) when authenticating to Azure AD while a public client does not have to provide this parameter.

Please follow this document for more information:


0 Answers