title Authorization Code Flow + PKCE

actor User
participant App
participant Azure B2C
participant API

User->App:Click login
App->App: Generate Code Verifier\nand Code Challenge
App->Azure B2C: Authorize Code Request+\n Code Challenge\n to /authorize
Azure B2C->App: 200 OK
App->App: Open Azure B2C signin\nflow in web view
group Azure B2C signin flow

User->App: Enter e-mail and password
App->Azure B2C: Authenticate and Consent
Azure B2C->API: /resolvepermissions
API->Azure AD: Resolve roles
Azure AD->Azure AD: Resolve roles into\npermissions
Azure AD->API: Permissions
API->Azure B2C: list of permissions
Azure B2C->Azure B2C: Inject permissions\ninto token
Azure B2C->App: Redirect to app signin flow
end

Azure B2C->App: Authorization Code
App->Azure B2C: Authorization Code +\nCode Verifier\nto /token
Azure B2C->App: ID Token, Access Token\n and Refresh Token
loop
User->App: Request user data
App->API: Request user data with Access Token
API->API: Validates Access Token\n(success)
API->App: Sends user data
end
User->App: Request user data
App->API: Request user data with Access Token
API->API: Validates Access Token\n(failed)
API->App: 401 Unauthorized
App->App: Request token from \n /renew
App->Azure B2C: Refresh Token\n to /token
Azure B2C->App: ID Token, Access Token\n and Refresh Token
App->App: Access Token
App->API: Request user data with Access Token
API->API: Validates Access Token\n(success)
API->App: Sends user data