Azure AD B2C login with Microsoft identity provider error: Proof Key for Code Exchange is required for cross-origin authorization code redemption

Question

I am getting this error on Azure AD B2C login with Microsoft identity provider:

AADB2C90273: An invalid response was received : 'Error: invalid_request,Error Description: Proof Key for Code Exchange is required for cross-origin authorization code redemption.'

I have added web redirect url like this:

I tried many ways find on google, stack overflow and others, but nothing seems to be working.

Please help me solve this error.

Thanks in advance

Answer 1

To configure Microsoft Account as the IDP, you need to register the application in Microsoft Entra ID tenant (Azure AD tenant):

Add redirect URL as https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

And supported account types: Personal Microsoft accounts only:

Create Azure AD B2C application in the Azure AD B2C tenant and added redirect URI as https://jwt.ms

Now create the IDP by passing the Azure AD application ID and secret value in the Microsoft Entra ID tenant (Azure AD tenant):

Run user flow by selecting the IDP:

Select Microsoft Account:

The user is now able to sign-in successfully and ID token is generated:

If you want to fetch access tokens along with ID token, then you need to Expose an API and scope in the Azure AD B2C application:

Grant API permission for the scope:

While running the user flow, select resource as your b2c application and run:

Now both ID and access tokens will be generated when the user will sign in: