articles/active-directory/develop/msal-net-aad-b2c-considerations.md
Lines changed: 5 additions & 5 deletions
@@ -24,16 +24,16 @@ ms.custom: aaddev
24
24
You can use MSAL.NET to sign in users with social identities by using [Azure Active Directory B2C (Azure AD B2C)](https://aka.ms/aadb2c). Azure AD B2C is built around the notion of policies. In MSAL.NET, specifying a policy translates to providing an authority.
25
25
26
26
- When you instantiate the public client application, you need to specify the policy as part of the authority.
27
-
- When you want to apply a policy, call an override of `AcquireTokenInteractive` that supplies the `authority` parameter.
27
+
- When you want to apply a policy, call an override of `AcquireTokenInteractive` that accepts the `authority` parameter.
28
28
29
29
This article applies to MSAL.NET 3.x. For MSAL.NET 2.x, see [Azure AD B2C specifics in MSAL 2.x](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-Specifics-MSAL-2.x) in the MSAL.NET Wiki on GitHub.
30
30
31
31
## Authority for an Azure AD B2C tenant and policy
32
32
33
33
The authority format for Azure AD B2C is: `https://{azureADB2CHostname}/tfp/{tenant}/{policyName}`
34
34
35
-
-`azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example`{your-tenant-name}.b2clogin.com`.
36
-
-`tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, `{your-tenant-name}.onmicrosoft.com` or a GUID, respectively.
35
+
-`azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example, *contosob2c.b2clogin.com*.
36
+
-`tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, *contosob2c.onmicrosoft.com* or a GUID, respectively.
37
37
-`policyName` - The name of the user flow or custom policy to apply. For example, a sign-up/sign-in policy like *b2c_1_susi*.
38
38
39
39
For more information about Azure AD B2C authorities, see [Set redirect URLs to b2clogin.com](../../active-directory-b2c/b2clogin.md).
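Review bot: In the changed `AcquireTokenInteractive` bullet, "override" is still the wrong term for a method variant that takes an additional `authority` parameter; that is an overload, so the line should read "call an overload of `AcquireTokenInteractive` that accepts the `authority` parameter". Now that the hostname and tenant examples use the concrete contosob2c names, consider also showing the assembled authority once, built from the three examples already in the list (contosob2c.b2clogin.com, contosob2c.onmicrosoft.com, b2c_1_susi), so readers can see how the template `https://{azureADB2CHostname}/tfp/{tenant}/{policyName}` fills in.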
@@ -127,7 +127,7 @@ The ROPC flow is **not recommended** because asking a user for their password in
127
127
128
128
By using username/password in an ROPC flow, you sacrifice several things:
129
129
130
-
- Core tenets of modern identity: The password can be fished or replayed because the shared secret can be intercepted. By definitely, ROPC is incompatible with passwordless flows.
130
+
- Core tenets of modern identity: The password can be fished or replayed because the shared secret can be intercepted. By definition, ROPC is incompatible with passwordless flows.
131
131
- Users who need to do MFA won't be able to sign in (as there is no interaction).
132
132
- Users won't be able to use single sign-on (SSO).
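Review bot: The corrected "Core tenets of modern identity" bullet still says the password can be "fished"; the intended word is "phished", and it should be fixed in the same line as the "By definitely" to "By definition" correction.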