login.microsoftonline.com will be deprecated for Azure Active Directory B2C on 31 August 2022

[tomkerkhove]

login.microsoftonline.com will be deprecated for Azure Active Directory B2C on 31 August 2022.

This does not impact Azure Active Directory (Azure AD) tenants, only B2C.

Deadline: 31 August 2022 Impacted Services: Azure Active Directory B2C More information:

• https://azure.microsoft.com/en-au/updates/b2c-deprecate-msol/
• https://docs.microsoft.com/en-us/azure/active-directory-b2c/multiple-token-endpoints
• https://docs.microsoft.com/en-us/azure/active-directory-b2c/b2clogin

Notice

On December 4th, 2020, the login.microsoftonline.com endpoint will be deprecated for accessing B2C tenants. Existing tenants will need to move onto B2Clogin.com before that date, and all functionality will remain the same on the B2Clogin.com endpoint.

New tenants created after this announcement will no longer be able to accept requests from login.microsoftonline.com. This doesn’t impact Azure Active Directory (Azure AD) tenants and is only for Azure Active Directory B2C tenants.

Impact

login.microsoftonline.com will be removed on December 4th, 2020 which will break all clients.

Required Action

Existing tenants will need to move onto B2Clogin.com before that date, and all functionality will remain the same on the B2Clogin.com endpoint.

Contact

You can contact the product group via [email protected].

More information

Migration guidance is provided:

• Migrate an OWIN-based web API to b2clogin.com
• Set redirect URLs to b2clogin.com for Azure Active Directory B2C

[juunas11]

Does this also mean if an app is using Azure AD Graph API with an app registration in the underlying Azure AD tenant, they should also switch to using the b2clogin.com token endpoint? I haven't tested this yet, but would imagine those apps would still keep using login.msol.com?

[tomkerkhove]

I have no info on that, but I can imagine this gets rippled through some other places indeed.

[gramanero]

Just to confirm, this has no impact on Azure B2B Collaboration, correct?

[tomkerkhove]

I'm not sure, but I think not. I'll try to verify.

[faizerestek]

Hey, I have been using https://login.microsoftonline.com/{{tenantId}}/oauth2/token to get an access token, in order to hit the AAD Graph REST APIs. Will that behaviour change too? If yes, then how am I suppose to fetch the OAuth2 token?

[tomkerkhove]

Good question, I don't know but will ask around!

[tomkerkhove]

First thought says it will still work since it's for B2C only

[tomkerkhove]

So only the B2C customers are impacted on this one, see https://docs.microsoft.com/en-us/azure/active-directory-b2c/multiple-token-endpoints#get-token-issuer-endpoints.

[faizerestek]

Hey, I have been using https://login.microsoftonline.com/{{tenantId}}/oauth2/token to get an access token, in order to hit the AAD Graph REST APIs. Will that behaviour change too? If yes, then how am I suppose to fetch the OAuth2 token?

So, I am creating a user in AAD using the aforementioned flow. Therefore, I won't be impacted by this, right? Even though my tenant resides in B2C?

[tomkerkhove]

Frankly, I don't know so I would suggest contacting them on [email protected].

Don't hesitate to let us know here when you know more!

[faizerestek]

@tomkerkhove Its been a month since I have sent a mail to the the Email ID you mentioned, I still haven't received anything from them.

[azure-deprecation-automation]

This issue is automatically managed and suggest to use GitHub Discussions to discuss this deprecation.

[tomkerkhove]

Deprecation has been extended until 31 August 2022 https://azure.microsoft.com/en-au/updates/update-apps-using-azure-ad-b2c-to-new-redirect-b2clogincom/