@juni dev To restrict access to your APIs to only Azure AD B2C clients, you can use Azure AD B2C as the authentication mechanism for your APIs. You can configure your APIs to accept only requests that include a valid Azure AD B2C-issued access token.
Here are the high-level steps to achieve this:
- Register your APIs in Azure AD B2C as applications.
- Configure your APIs to accept only requests that include a valid Azure AD B2C-issued access token.
- Configure your Azure AD B2C custom policies to obtain an access token for your APIs.
You mentioned that at the time the B2C needs to consume the APIs, the user is not yet authenticated. In this case, you can use the client credentials flow to obtain an access token for your APIs.
Here is an example of how to use the client credentials flow to obtain an access token for your APIs:
- Register your APIs in Azure AD B2C as applications.
- In the Azure portal, go to your Azure AD B2C tenant and select "App registrations".
- Select "New registration" and register your APIs as applications.
- In the API Management portal, go to your API and select "Settings".
- Under "Security", select "OAuth 2.0".
- Select "Add" and configure your APIs to accept only requests that include a valid Azure AD B2C-issued access token.
- In your Azure AD B2C custom policies, use the client credentials flow to obtain an access token for your APIs.
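As an added illustration (not part of the answer above, and not code from Microsoft), this is the kind of inbound policy the "OAuth 2.0" step in API Management corresponds to: a `validate-jwt` policy that rejects any request whose bearer token was not issued by the B2C tenant for this API. The tenant name, tenant id, user-flow/policy name and application ids are placeholders you would replace with the values from your own app registrations.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless the Authorization header carries a
             signed, unexpired JWT issued by the B2C tenant for this API. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true">
            <!-- Signing keys are fetched from the B2C metadata document.
                 Placeholders: {tenant-name}, {policy-name} -->
            <openid-config url="https://{tenant-name}.b2clogin.com/{tenant-name}.onmicrosoft.com/{policy-name}/v2.0/.well-known/openid-configuration" />
            <!-- The token's 'aud' must be the API's own application (client) id,
                 so tokens minted for other apps in the tenant are refused. -->
            <audiences>
                <audience>{api-application-id}</audience>
            </audiences>
            <!-- The token's 'iss' must be this B2C tenant (tenant id is a GUID). -->
            <issuers>
                <issuer>https://{tenant-name}.b2clogin.com/{tenant-id}/v2.0/</issuer>
            </issuers>
            <!-- Optional: with the client credentials flow the caller is an
                 application, so pin 'azp' to the registered B2C client app id
                 to refuse tokens obtained by any other client. -->
            <required-claims>
                <claim name="azp" match="any">
                    <value>{b2c-client-application-id}</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Apply it at the API or operation scope; a token with the wrong audience or issuer, or one that is expired or unsigned, never reaches the backend.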