General - Integration with Azure AD B2C User Flow

Integration with Azure AD B2C User Flow

Q

How to integrate your application with a user flow defined as a policy in my Azure AD B2C directory?

✍: FYIcenter.com

A

After you have tested your user flow policy in your Azure AD B2C directory, you need to gather required information and integrate your application to the user flow.

1. Metadata document - Open the user flow policy on Azure portal. You see the URL of the metadata document for your user flow displayed on top of the screen. For example, https://xxx.b2clogin.com/xxx.onmicrosoft.com/v2.0/.well-known /openid-configuration?p=B2C_1_MyLogin

2. Integration endpoints - Click on the URL of the metadata document. You see integration endpoints listed in the document. For example, "authorization_endpoint": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0 /authorize?p=b2c_1_mylogin", and "token_endpoint": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0 /token?p=b2c_1_mylogin".

3. Build a "Login" link on your Web application and fire the OpenID Connect authentication request to the "authorization_endpoint":

POST /xxx.onmicrosoft.com/oauth2/v2.0/authorize HTTP/1.1
Host: https://xxx.b2clogin.com
Content-Type: application/x-www-form-urlencoded

client_id=bd51d56c-e744-4a58-91e1-9afd0d7e821c                 
&redirect_uri=http%3A%2F%2Ffyicenter.com%3AopenID_receiver.php
&response_type=id_token+code 
&p=b2c_1_mylogin
&...

4. Add code logic in openID_receiver.php to process "id_token" or "code".

5. Fire the OpenID access token request in openID_receiver.php, if you are implementing the authentication code integration flow:

POST /xxx.onmicrosoft.com/oauth2/v2.0/token HTTP/1.1
Host: https://xxx.b2clogin.com
Content-Type: application/x-www-form-urlencoded

client_id=bd51d56c-e744-4a58-91e1-9afd0d7e821c                 
&code=........................................ 
&redirect_uri=http%3A%2F%2Ffyicenter.com%3AopenID_receiver.php
&p=b2c_1_mylogin
&...

Note that an extra parameter is added "p=b2c_1_mylogin" to invoke the user flow you defined in your Azure AD B2C directory. For more information on OpenID Connect requests, see other tutorials.

⇒ Azure AD B2C "id_token" from Google

⇐ Test Azure AD B2C User Flow

⇑ Azure AD B2C Integration

⇑⇑ OpenID Tutorials

2019-02-18, 195👍, 0💬