question

MariaSenkiv-8302 avatar image
0 Votes"
MariaSenkiv-8302 asked MariaSenkiv-8302 commented

Obtained access token v.1.0 instead v2.0 with B2C user flow

Hello team,
I've registered two applications in my B2C tenant that support user flows. One application exposes Web API (both Delegated and Application scopes are exposed). Second application is web application that has permission to access my Web API. Web application is configured to support implicit flow to get access token. For implicit flow I'm using the endpoint like this "https://<my_organization>.b2clogin.com/<my_organization>.onmicrosoft.com/b2c_1_user_sign_up_sign_in/oauth2/v2.0/authorize", Web API application has in its manifest file ""accessTokenAcceptedVersion": 2" but still receive access token v 1.0, could you please point me out what I'm doing wrong?

azure-ad-b2c
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

sikumars-msft avatar image
0 Votes"
sikumars-msft answered MariaSenkiv-8302 commented

Hello @MariaSenkiv-8302,

Thanks for reaching out.

This is by design behavior whereas Microsoft identity platform Azure AD endpoint can issue v1.0 tokens and v2.0 tokens based on "accessTokenAcceptedVersion attribute" but B2C endpoint token are always issued as V1 access token.

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you a lot for the explanation!

0 Votes 0 ·