Forum Discussion
Azure AD B2C Authentication using an API
Hi,
I am exploring methods on how I can use Azure B2C to authenticate users in a portal scenario. Would it be prudent to use the built in flows or use custom flows in Azure B2C and still use the built in UIs for authentication for the login flow or have there been scenarios that any of you have used an API based authentication mechanism where we are able to authenticate users via an API via a completly custom front end? Any thoughts on how MFA would work in a custom front end with API based authentication scenario? Any thoughts on this would be appreciated. Also if you observe any flipsides to using either of the approaches it would be good for me to understand.
- The choice between built-in flows and custom policies depends on your specific needs. User flows are easier to implement but offer less flexibility, while custom policies require more setup but offer greater control. API-based authentication can offer even more flexibility, especially for custom front-end scenarios, but it also requires more work to implement and manage. As for MFA, it can be used with both built-in and custom flows.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.
- The choice between built-in flows and custom policies depends on your specific needs. User flows are easier to implement but offer less flexibility, while custom policies require more setup but offer greater control. API-based authentication can offer even more flexibility, especially for custom front-end scenarios, but it also requires more work to implement and manage. As for MFA, it can be used with both built-in and custom flows.
As for using an API for authentication, Azure AD B2C does support this. Token-based authentication ensures that requests to a web API are accompanied by a valid access token. The app authenticates users with Azure AD B2C, acquires an access token with the required permissions (scopes) for the web API endpoint, and passes the access token as a bearer token in the authentication header of the HTTP request2.Thanks for this info. Can you add a bit of information about how to set this up?
Would it be as a new identity provider?
What I'm actually looking to do is authenticate a user for Power Pages using oauth2 from Neon CRM.
Power Pages doesn't support oauth2, so I'm thinking I need to set up AD B2C.
The user should be able to log in to Power Pages using their Neon credentials, and api calls from Power Pages should be able to call their API in that context.
Appreciate any help you can offer.
John
- The choice between user flows and custom policy flows depends upon requirements. OOTB user flows are not customizable, if you have any requirement like doing any custom business validation using API or the requirement that you explained in your question to authenticate users using API you need to go with the Custom flow option. MFA can be implemented with your custom flows based on Conditional access policy implementation. You can still go with your API-based authentication scenario. MFA can be defined to run on the basis of risk detection using conditional access policies.
