Calling webapi from another webapi both protected by b2c

Praveen U (PUU) 5 Reputation points
2023-05-05T14:13:05.0166667+00:00

I have 2 webapis and an angular application. All protected by azure b2c. Angular application calls a web api that then calls the other web api. What are my options for webapi webapi call. how can i access the token for scopes?

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,299 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,512 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,169 questions
{count} vote

1 answer

Sort by: Most helpful
  1. James Hamil 22,886 Reputation points Microsoft Employee
    2023-05-05T21:10:08.8566667+00:00

    Hi @Praveen U (PUU) ,

    To call one web API from another web API, both protected by Azure AD B2C, you can follow these steps:

    1. Register both web APIs in Azure AD B2C: Register each web API as an application in your Azure AD B2C tenant, and configure their respective scopes.
    2. Grant permissions: Grant the first web API (the one called by the Angular app) permissions to access the second web API's scopes.
    3. Acquire an access token: When the Angular app calls the first web API, it should include an access token in the request. The first web API can then use this token to request another access token with the required scopes for the second web API.

    Call the second web API: The first web API can now call the second web API using the acquired access token. Include the access token in the Authorization header of the request to the second web API.

    Here's a high-level overview of the process:

    1. Angular app acquires an access token for the first web API's scopes.
    2. Angular app calls the first web API with the access token.
    3. First web API acquires an access token for the second web API's scopes using the received token.
    4. First web API calls the second web API with the new access token.

    If you've already begun the process and are stuck please let me know how I can help. Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James