Passing B2C token through developer portal of API Management Service for API calls

hampton123 1,175 Reputation points
2023-09-27T18:33:49.7833333+00:00

I have B2C integrated into my Azure APIM instance, and this will be the main way that users will access the developer portal. The APIs are protected through B2C and through being assigned a product in my Azure APIM instance. So the APIs require a B2C token and a subscription key. When I call the APIs through the developer portal however, I'm receiving a 401 unauthorized error. I believe it is because the API is not passing the JWT token through - how would I go about passing the user's B2C token through the developer portal?

Azure API Management
Microsoft Security Microsoft Entra Microsoft Entra External ID
Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Pramod Valavala 20,656 Reputation points Microsoft Employee Moderator
    2023-09-27T19:43:25.4033333+00:00

    @hampton123 The Developer Portal needs to be configured to fetch and pass the appropriate token from the test console as mentioned in the official docs.

    For reference, here are the high-level steps:

    1. Register an application (backend-app) in Azure AD to represent the API.
    2. Register another application (client-app) in Azure AD to represent a client application that needs to call the API - in this case, the test console of the developer portal.
    3. In Azure AD, grant permissions to allow the client-app to call the backend-app.
    4. Configure the test console in the developer portal to call an API using OAuth 2.0 user authorization.
    5. Configure an API to use OAuth 2.0 user authorization.
    6. Add a policy to pre-authorize the OAuth 2.0 token for every incoming request. You can use the validate-jwt policy for any OAuth 2.0 provider.

    If you have already configured the OAuth 2.0 providers in the Azure Portal and the policies to authorize requests, then you are just missing step 4 from the above, which is just a simple setting from the Azure Portal UI as shown in the docs.

    Configure OAuth 2.0 authorization server


0 additional answers
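
To tell which of the two requirements in this thread (subscription key, B2C token) a failing test-console request is missing, the following added example, which is not part of the original answer or Microsoft's code, triages captured request headers. It assumes the default `Ocp-Apim-Subscription-Key` header; the audience, issuer and token values are constructed placeholders, and the function names are hypothetical.

```python
import base64, json, time

SUB_KEY_HEADER = "ocp-apim-subscription-key"  # APIM's default key header, lower-cased

def make_sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

def triage_401(headers, expected_aud, expected_iss, now=None):
    """List the reasons a request would be rejected. The signature is NOT
    checked here; that stays the job of validate-jwt in the gateway."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not h.get(SUB_KEY_HEADER):
        findings.append("NO_SUBSCRIPTION_KEY")
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return findings + ["NO_BEARER_TOKEN"]
    parts = token.strip().split(".")
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return findings + ["MALFORMED_JWT"]
    if len(parts) != 3 or not isinstance(claims, dict):
        return findings + ["MALFORMED_JWT"]
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append("AUD_MISMATCH")
    if claims.get("iss") != expected_iss:
        findings.append("ISS_MISMATCH")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("EXPIRED")
    return findings

# Constructed placeholders, not values from the original thread.
AUD = "00000000-0000-0000-0000-000000000000"          # backend-app client ID
ISS = "https://example.b2clogin.com/TENANT-ID/v2.0/"  # B2C issuer
NOW = 1_700_000_000

if __name__ == "__main__":
    good = make_sample_token({"aud": AUD, "iss": ISS, "exp": NOW + 600})
    print(triage_401({"Ocp-Apim-Subscription-Key": "k"}, AUD, ISS, NOW))
    print(triage_401({"Ocp-Apim-Subscription-Key": "k",
                      "Authorization": f"Bearer {good}"}, AUD, ISS, NOW))
```

A `NO_BEARER_TOKEN` result with the subscription key present matches the situation described in the question, where the test console sends the key but no token.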
