Forum Discussion
Solved
Azure AD B2C Authentication using an API
Hi, I am exploring methods on how I can use Azure B2C to authenticate users in a portal scenario. Would it be prudent to use the built in flows or use custom flows in Azure B2C and still use the bui...
- The choice between built-in flows and custom policies depends on your specific needs. User flows are easier to implement but offer less flexibility, while custom policies require more setup but offer greater control. API-based authentication can offer even more flexibility, especially for custom front-end scenarios, but it also requires more work to implement and manage. As for MFA, it can be used with both built-in and custom flows.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.
The choice between user flows and custom policy flows depends upon requirements. OOTB user flows are not customizable, if you have any requirement like doing any custom business validation using API or the requirement that you explained in your question to authenticate users using API you need to go with the Custom flow option. MFA can be implemented with your custom flows based on Conditional access policy implementation. You can still go with your API-based authentication scenario. MFA can be defined to run on the basis of risk detection using conditional access policies.