I am trying to retrieve an access token from Azure B2C to get access to the User’s oid right they sign up or sign in, but I have been getting the following error message each time I try to hit the endpoint as per the example from Microsoft’s resource:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens
Status 404 Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I followed Microsoft’s exact guide:
POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
Host: <tenant-name>.b2clogin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id=<application-ID>
&scope=<application-ID-URI>/<scope-name>
&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
&redirect_uri=https://jwt.ms
&client_secret=2hMG2-_:y12n10vwH...
Here is what I have as part of the form-data inside the Body (Using Postman):
POST dev.mycompanyname.net.b2clogin.com/devb2c.dev.mycompanyname.net.onmicrosoft.com/B2C_1_Sign/oauth2/v2.0/token
dev.mycompanyname.net is retrieved from either (Microsoft Entra ID -> Overview -> Primary domain) or (Azure AD B2C -> Overview -> Domain Name) Both gave me 'dev.mycompanyname.net'
B2C_1_Sign is retrieved from (Azure AD B2C --> Policies --> User Flows --> Name --> 'A policy I used to sign in, the exact name')
grant_type=authorization_code
&client_id=I got this value from (App Registration --> My App --> Overview --> Application (client) ID)
&code=(The exact code after ?code=, when it hits my callback)
&redirect_uri= (App Registration --> My App --> Managed --> Authentication --> Redirect URls)
&client_secret=I got this from (App Registration --> My App --> Managed --> Certificates & Secrets --> Value)
I removed scope as I didn't have any scope added.
Here is what I have as the Headers:
Content-Type: application/x-www-form-urlencoded
Host: dev.mycompanyname.net.b2clogin.com
What am I missing here, why am I not able to exchange the code for an access token?