Mapping Azure AD B2C Users to Database: Best Practices
I am using Azure AD B2C to authenticate users. Users log in using local accounts with usernames. In my React frontend, I successfully obtain id and access tokens after authentication. However, I've noticed that the tokens do not include the username
, and I cannot configure application claims to include the username
.
I need to map the authenticated Azure AD B2C users to records in my application's database within my Web API backend (built with Spring Boot). My challenge is that without the username
in the token, I'm unsure how to perform this mapping.
I've considered the following options:
Adding Custom Claims: I attempted to customize the Azure AD B2C user flow to include the username
in the token claims, but I couldn't find a straightforward way to achieve this.
- Using Microsoft Graph API to retrieve the username: I am considering using Microsoft Graph API, either in the frontend or backend, to fetch the
username
based on theobjectId
. However, I am not sure if this is the best practice for this scenario.
Using objectId
or sub
Claim: I noticed that the tokens include an objectId
(or sub
claim), which is a unique identifier for the user. I'm considering using this for mapping, but I'm unsure if this is the standard or recommended approach.
My Questions Are:
What is the best practice for mapping Azure AD B2C authenticated users to records in my application's database?
Is using the objectId
or sub
claim as the unique identifier for users in my database the recommended approach?
- Is there a way to include the
username
in the token claims, or a standard method to retrieve theusername
?