Can Public Users Access Azure AD B2C Tokens?

hampton123 1,165 Reputation points
2023-08-25T18:59:17.2066667+00:00

I've been using Azure AD B2C lately and came across this documentation about Azure AD B2C access tokens. This has me wondering if it's possible for users to request access tokens publicly to access APIs, given that they have information such as the client ID of my app registrations. Sorry if this is a silly question, I'm still pretty new to B2C.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,839 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,766 Reputation points Microsoft Employee
    2023-08-29T16:49:08.5233333+00:00

    @hampton123

    Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are looking for way to access an API with access token issued to user account with Azure B2C.

    Please do correct me if this is not the case by responding in the comments section.

    Yes, you could Secure an Azure API Management API with Azure AD B2C and have it accessed with a B2C user account via an access token issued by B2C endpoint, PFB steps for the same

    1. Get Azure AD B2C application ID
    2. Get a token issuer endpoint
    3. Configure the inbound policy in Azure API Management
    4. Validate secure API access
    5. Support multiple applications and issuers
    6. Migrate to b2clogin.com

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.