Forum Discussion
Solved
Azure AD B2C Authentication using an API
Hi, I am exploring methods on how I can use Azure B2C to authenticate users in a portal scenario. Would it be prudent to use the built in flows or use custom flows in Azure B2C and still use the bui...
- The choice between built-in flows and custom policies depends on your specific needs. User flows are easier to implement but offer less flexibility, while custom policies require more setup but offer greater control. API-based authentication can offer even more flexibility, especially for custom front-end scenarios, but it also requires more work to implement and manage. As for MFA, it can be used with both built-in and custom flows.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.
The choice between built-in flows and custom policies depends on your specific needs. User flows are easier to implement but offer less flexibility, while custom policies require more setup but offer greater control. API-based authentication can offer even more flexibility, especially for custom front-end scenarios, but it also requires more work to implement and manage. As for MFA, it can be used with both built-in and custom flows.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.
Thanks for this info. Can you add a bit of information about how to set this up?
Would it be as a new identity provider?
What I'm actually looking to do is authenticate a user for Power Pages using oauth2 from Neon CRM.
Power Pages doesn't support oauth2, so I'm thinking I need to set up AD B2C.
The user should be able to log in to Power Pages using their Neon credentials, and api calls from Power Pages should be able to call their API in that context.
Appreciate any help you can offer.
John
