MicrosoftThere are two significant hurdles developers have to go through when implementing B2C - role-based authorization, and automated testing.
The role-based authorization challenge is especially frustrating since we have to use the MS Graph API - in a separate process if I'm understanding the documentation correctly - if we want to do anything with the AD tenant itself. So what's our alternative? Andreas Helland compiled a great https://contos.io/implementing-multiple-identities-in-your-net-core-web-app-part-1-36a214c03ae6 detailing instructions on how to add a drop-down box to the signup/sign-in screen, but that also involved a lot of custom user flow, where it seems like simply having a drop-down list option for claims, and/or having the ability to assign a claim based on policy used (i.e. "if they signed in here, there is a "userType" claim with the value "x") would be sufficient.
The other challenge around automated testing looks like it's handled here with https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc so maybe it's already there; I'll be honest, I haven't gotten around to implementing this yet on my project, but I've seen a lot of StackOverflow questions about it, so hopefully I can just use this feature and not have to worry about it.
OpenIdConnect has a lot of moving pieces to it, and there is likely a lot of functionality within AD B2C that a lot of us aren't picking up on because it is assumed we're intimate with the OpenIdConnect inner workings. The examples have been very helpful, so at the very least, please keep those coming (and up to date!).
