I’ve been mucking around with Azure AD B2C. It seems like a pretty good substitute for AWS Cognito that I’ve used previously.
While following the Microsoft sample tutorials I ran into an “unauthorized” error. A value was being returned but no access token was provided.
This seems to be indicative of an issue with scopes. In my case, I’d excluded a trailing slash on the ApiIdentifier url in the TaskWebApp web.config.
This seems to be a fairly common configuration issue. The following stackoverflow post pointed me in the right direction:
Relevant tutorial article can be found here: https://docs.microsoft.com/en-au/azure/active-directory-b2c/active-directory-b2c-tutorials-web-api?tabs=applications