Hi @Jorge Lopez,
As you correctly pointed out, you cannot use Role-based Authorization with Azure AD B2C as it uses the Identity Experience Framework to specify which attributes should be collected from the users during sign-up and which application claims will be returned in the token after successful authentication. In addition, since users are using social identities where they typically sign up and create the accounts, it would be difficult for the admin to add their accounts to the app assigning the roles to their identities.
Any roles specified using the App Registration get applied and returned in the token only when the user is authenticated against standard Azure AD and not Azure AD B2C.
The closest sample that matches your requirement would likely be the guide, How to secure a Web API built with ASP.NET Core using the Azure AD B2C. You would need to set it up to use Claims-based Authorization to determine whether the users should get access to the API based on attributes that are inserted for the users by the RESTful API Connector or set by using Graph API calls.
There is a related thread here that discusses this option as well as a few other options to achieve a similar scenario.
If the information was useful, please Accept the answer. This will help us and other members of the community who may be researching similar questions.
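One way to express the claims-based check described in the answer above, shown as an added example that is not part of the original answer or the linked guide. It defines an ASP.NET Core authorization policy on a custom attribute claim and evaluates it against constructed principals. The claim name `extension_AccessLevel`, the value `admin` and the policy name are assumptions.

```csharp
// Added example: claims-based authorization policy for an API behind Azure AD B2C.
// Assumptions (not from the original answer): the custom attribute reaches the
// token as "extension_AccessLevel" and the value "admin" grants access.
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

const string ClaimType = "extension_AccessLevel";    // hypothetical claim name
const string PolicyName = "RequireAdminAccessLevel"; // hypothetical policy name

var services = new ServiceCollection();
services.AddLogging();
services.AddAuthorizationCore(options =>
{
    // Access depends on an attribute value carried in the token, not on
    // app-registration roles, which B2C tokens do not contain.
    options.AddPolicy(PolicyName, policy => policy
        .RequireAuthenticatedUser()
        .RequireClaim(ClaimType, "admin"));
});

var authz = services.BuildServiceProvider()
    .GetRequiredService<IAuthorizationService>();

// Builds a constructed principal standing in for a validated B2C token.
// A null authentication type yields an unauthenticated identity.
ClaimsPrincipal User(string? authType, params Claim[] claims) =>
    new(new ClaimsIdentity(claims, authType));

var cases = new (string Name, ClaimsPrincipal Principal)[]
{
    ("admin attribute", User("Bearer", new Claim(ClaimType, "admin"))),
    ("reader attribute", User("Bearer", new Claim(ClaimType, "reader"))),
    ("attribute missing", User("Bearer", new Claim("emails", "user@example.com"))),
    ("unauthenticated", User(null, new Claim(ClaimType, "admin"))),
};

foreach (var (name, principal) in cases)
{
    // Only the first case satisfies both requirements; the rest are denied.
    var result = await authz.AuthorizeAsync(principal, PolicyName);
    Console.WriteLine($"{name}: {(result.Succeeded ? "allowed" : "denied")}");
}
```

In the API itself the same policy is attached to a controller or action with `[Authorize(Policy = "RequireAdminAccessLevel")]`, after the B2C bearer-token authentication from the guide is configured.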