Hi there Arbaaz! In Angular apps you can have refresh tokens by using the auth code grant with PKCE flow. More details here. msft.it/6052VSmuK Also, here's a detailed tutorial on how to achieve the same as in the Tutorial: msft.it/6053VSmuz
I have never seen a guide or tutorial from Microsoft that goes through AADB2C, one SPA, that uses one WebAPI that uses Identity and Auth Code Flow with PKCE. The tutorials all refer to a previous tutorial, and the tutorial that configures the app, always use implicit flow, or Auth Code Flow without PKCE. Do you know if this is not correct?
Excellent workshop - on the use of localhost redirect URL Matthijs says "I've done a terrible thing, first of all it is not https and its a URI anybody could actually host". But isn't localhost required so that devs can do their dev work on their laptops or build servers? If so should they be doing something different in the way they develop apps?
Would be nice to have a guide hot to set up custom claims in access token , by adding information from graph api like directory.department, directory.jobtite
Well presented! Thanks for the information and I look forward to watching more of your videos.
How do you refresh the token? If you use angular for front end.. you can not really store refresh token on backend.
Hi there Arbaaz! In Angular apps you can have refresh tokens by using the auth code grant with PKCE flow. More details here. msft.it/6052VSmuK Also, here's a detailed tutorial on how to achieve the same as in the Tutorial: msft.it/6053VSmuz
How to use impersonation in EWS mail box authentication. Please share sample code using azure
How to deal with multiple redirecturls? Say we have localhost, dev url, qa etc.
I have never seen a guide or tutorial from Microsoft that goes through AADB2C, one SPA, that uses one WebAPI that uses Identity and Auth Code Flow with PKCE. The tutorials all refer to a previous tutorial, and the tutorial that configures the app, always use implicit flow, or Auth Code Flow without PKCE. Do you know if this is not correct?
If such a guide exists (a full tutorial that does not refer to other tutorials that aren't compatible) can you please refer me to it?
Excellent workshop - on the use of localhost redirect URL Matthijs says "I've done a terrible thing, first of all it is not https and its a URI anybody could actually host". But isn't localhost required so that devs can do their dev work on their laptops or build servers? If so should they be doing something different in the way they develop apps?
Would be nice to have a guide hot to set up custom claims in access token , by adding information from graph api like directory.department, directory.jobtite
Very well explained!