Home
%3CLINGO-SUB%20id%3D%22lingo-sub-807028%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20general%20availability%20of%20two%20key%20features%20in%20Azure%20AD%20B2C%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807028%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20second%20capability%2C%20%22Use%20the%20access%20token%20from%20identity%20providers%20in%20your%20application%22%2C%20I%20assume%20that%20can%20also%20be%20used%20with%20AAD%20as%20an%20IdP%2C%20making%20it%20easier%20to%20call%20Graph%20under%20user%20identity%2C%20right%3F%20Also%2C%20how%20can%20I%20request%20new%20access%20tokens%20for%20new%20resources%20from%20the%20identity%20provider%2C%20after%20I%20sign%20on%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-810891%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20general%20availability%20of%20two%20key%20features%20in%20Azure%20AD%20B2C%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-810891%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20sent%20some%20feedback%3B%20love%20if%20you%20can%20add%20some%20more%20input%20and%20output%20claims%20functionality%3B%20even%20to%20simple%20modify%20the%20output%20claims%20in%20the%20UI.%20The%20XML%20modifications%20have%20a%20lot%20of%20possibilities%2C%20but%20it's%20time%20consuming%20and%20not%20so%20easy%20to%20use.%20Love%20the%20pass-through%20concepts%20that%20opens%20for%20a%20lot%20more%20options%20to%20deliver%20even%20more%20great%20secure%20possibilities.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-566362%22%20slang%3D%22en-US%22%3EAnnouncing%20the%20general%20availability%20of%20two%20key%20features%20in%20Azure%20AD%20B2C%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-566362%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%E2%80%99m%20excited%20to%20announce%20the%20general%20availability%20of%20two%20key%20features%20in%20Azure%20AD%20B2C.%20First%2C%20is%20the%20ability%20to%20add%20custom%20OpenID%20Connect%20(OIDC)%20identity%20providers%20for%20user%20flows.%20Second%2C%20is%20the%20capability%20to%20passthrough%20the%20access%20token%20from%20identity%20providers%20to%20your%20application.%3C%2FP%3E%20%26nbsp%3B%20Adding%20custom%20OIDC%20identity%20providers%26nbsp%3B%3CP%3E%3CBR%20%2F%3EOur%20custom%20policies%20currently%20allow%20you%20to%20use%20any%20OIDC%20identity%20provider.%20We%20extended%20this%20capability%20to%20the%20built-in%20user%20flows.%20Just%20like%20you%20can%20sign%20in%20users%20into%20Azure%20AD%20B2C%20via%20Facebook%20and%20Google%2C%20you%20can%20now%20use%20any%20other%20OIDC%20identity%20providers%20in%20your%20user%20flows.%20You%20can%20even%20use%20this%20to%20allow%20users%20to%20sign%20in%20to%20Azure%20AD%20B2C%20using%20their%20Azure%20AD%20work%20accounts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20set%20this%20up%2C%20on%20the%20Identity%20Providers%20blade%2C%20click%20the%20New%20OpenID%20Connect%20provider%20button%2C%20and%20enter%20the%20OIDC%20metadata%20information.%20For%20details%2C%20read%20Set%20up%20sign-up%20and%20sign-in%20with%20OpenID%20Connect%20using%20Azure%20Active%20Directory%20B2C.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3EUse%20the%20access%20token%20from%20identity%20providers%20in%20your%20application%3CBR%20%2F%3E%3CBR%20%2F%3E%3CP%3EWe%20made%20it%20easier%20for%20your%20application%20to%20leverage%20the%20power%20of%20social%20identity%20providers%20and%20their%20APIs.%20When%20a%20user%20signs%20in%20using%20an%20identity%20provider%2C%20like%20Facebook%2C%20your%20application%20can%20now%20get%20the%20identity%20provider's%20access%20token%20passed%20through%20as%20part%20of%20the%20Azure%20AD%20B2C%20token.%20You%E2%80%99ll%20be%20able%20to%20use%20this%20access%20token%20when%20you%20call%20the%20identity%20provider%E2%80%99s%20API%2C%20such%20as%20the%20Facebook%20Graph%20API.%20To%20learn%20more%2C%20read%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fazure%252Factive-directory-b2c%252Fidp-pass-through-user-flow%26amp%3Bdata%3D04%257C01%257Cparja%2540microsoft.com%257C6bc67b6e437f411d584008d70fa76a18%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636995084024571735%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3DLaJZY3DX3N%252B%252BaKJ2e3LJ2w0TDyoKJsa50tfVueiPIhg%253D%26amp%3Breserved%3D0%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EPass%20an%20access%20token%20through%20a%20user%20flow%20to%20your%20application%20in%20Azure%20Active%20Directory%20B2C%3C%2FA%3E.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20always%20love%20to%20hear%20your%20feedback%20and%20suggestions.%20Let%20us%20know%20what%20you%20think%20in%20the%20comments%20below%20or%20email%20the%20team%20at%20aadb2cpreview%40microsoft.com.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EAlex%20Simons%20(%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3E%40Alex_A_Simons%3C%2FA%3E)%3C%2FP%3E%3CP%3ECorporate%20VP%20of%20Program%20Management%3C%2FP%3E%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-566362%22%20slang%3D%22en-US%22%3E%3CP%3EI%E2%80%99m%20excited%20to%20announce%20general%20availability%20of%20custom%20OIDC%20identity%20providers%20and%20access%20token%20passthrough%20in%20Azure%20AD%20B2C!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-566362%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EProduct%20Announcements%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-816594%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20general%20availability%20of%20two%20key%20features%20in%20Azure%20AD%20B2C%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-816594%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F273862%22%20target%3D%22_blank%22%3E%40Mr_Smith%3C%2FA%3EI%20agree%20that%20the%20ClaimsTranformations%20in%20XML%20are%20slightly%20cumbersome%20to%20work%20with.%20I%20don't%20know%20your%20use%20cases%2C%20or%20if%20you%20have%20solved%20them%2C%20but%20I%20find%20myself%20using%20Azure%20Functions%20more%20and%20more%20to%20process%20both%20inbound%20and%20outbound%20claims.%20(Now%20inlining%20that%20into%20the%20custom%20policies%20could%20be%20entertaining%20as%20a%20new%20feature.)%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

I’m excited to announce the general availability of two key features in Azure AD B2C. First, is the ability to add custom OpenID Connect (OIDC) identity providers for user flows. Second, is the capability to passthrough the access token from identity providers to your application.

 

Adding custom OIDC identity providers 


Our custom policies currently allow you to use any OIDC identity provider. We extended this capability to the built-in user flows. Just like you can sign in users into Azure AD B2C via Facebook and Google, you can now use any other OIDC identity providers in your user flows. You can even use this to allow users to sign in to Azure AD B2C using their Azure AD work accounts.

 

To set this up, on the Identity Providers blade, click the New OpenID Connect provider button, and enter the OIDC metadata information. For details, read Set up sign-up and sign-in with OpenID Connect using Azure Active Directory B2C.

 

Azure AD B2C custom OpenID Connect identity providers 1.pngOpenID Connect identity provider configuration in the Azure portal.

 

Use the access token from identity providers in your application

We made it easier for your application to leverage the power of social identity providers and their APIs. When a user signs in using an identity provider, like Facebook, your application can now get the identity provider's access token passed through as part of the Azure AD B2C token. You’ll be able to use this access token when you call the identity provider’s API, such as the Facebook Graph API. To learn more, read Pass an access token through a user flow to your application in Azure Active Directory B2C.



Azure AD B2C custom OpenID Connect identity providers 2.pngIdentity provider access token in an Azure AD B2C token.

We always love to hear your feedback and suggestions. Let us know what you think in the comments below or email the team at aadb2cpreview@microsoft.com. 

 

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

3 Comments
Microsoft

The second capability, "Use the access token from identity providers in your application", I assume that can also be used with AAD as an IdP, making it easier to call Graph under user identity, right? Also, how can I request new access tokens for new resources from the identity provider, after I sign on?

Regular Visitor

Just sent some feedback; love if you can add some more input and output claims functionality; even to simple modify the output claims in the UI. The XML modifications have a lot of possibilities, but it's time consuming and not so easy to use. Love the pass-through concepts that opens for a lot more options to deliver even more great secure possibilities.

Senior Member

@Mr_SmithI agree that the ClaimsTranformations in XML are slightly cumbersome to work with. I don't know your use cases, or if you have solved them, but I find myself using Azure Functions more and more to process both inbound and outbound claims. (Now inlining that into the custom policies could be entertaining as a new feature.)