Why does the AADB2C Identity provider require a Client Secret? #2782
shawnmurtagh started this conversation in General
Why does the AADB2C Identity provider require a Client Secret when it is using a SPA code grant flow that doesn't use a secret?

From docs: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c#configure-identity-provider-for-developer-portal
From the same docs:

We tested rotating the secret and found that even when we enter an invalid secret (e.g., "abc") and update the developer portal, we are still able to log in using the AADB2C OAuth 2 button.