Add a native client application to your Azure Active Directory B2C tenant

Native client resources need to be registered in your tenant before your application can communicate with Azure Active Directory B2C.

To register an application in your Azure AD B2C tenant, you can use our new unified App registrations experience or our legacy Applications (Legacy) experience. Learn more about the new experience.

  1. Sign in to the Azure portal.
  2. Select the Directory + subscription filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
  3. In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
  4. Select App registrations, and then select New registration.
  5. Enter a Name for the application. For example, nativeapp1.
  6. Under Supported account types, select Accounts in any organizational directory or any identity provider.
  7. Under Redirect URI, use the drop-down to select Public client/native (mobile & desktop).
  8. Enter a redirect URI with a unique scheme. For example, com.onmicrosoft.contosob2c.exampleapp://oauth/redirect. There are important considerations when choosing a redirect URI:
    • Development For development use, you can set the redirect URI to http://localhost and Azure AD B2C will respect any port in the request. If the registered URI contains a port, Azure AD B2C will use that port only. For example, if the registered redirect URI is http://localhost, the redirect URI in the request can be http://localhost:<randomport>. If the registered redirect URI is http://localhost:8080, the redirect URI in the request must be http://localhost:8080.
    • Unique: The scheme of the redirect URI must be unique for every application. In the example com.onmicrosoft.contosob2c.exampleapp://oauth/redirect, com.onmicrosoft.contosob2c.exampleapp is the scheme. This pattern should be followed. If two applications share the same scheme, the user is given a choice to choose an application. If the user chooses incorrectly, the sign-in fails.
    • Complete: The redirect URI must have a both a scheme and a path. The path must contain at least one forward slash after the domain. For example, //oauth/ works while //oauth fails. Don't include special characters in the URI, for example, underscores.
  9. Under Permissions, select the Grant admin consent to openid and offline_access permissions check box.
  10. Select Register.