Mapping Azure AD B2C Users to Database: Best Practices

Philly Chien 0 Reputation points
2024-10-22T14:46:02.3433333+00:00

I am using Azure AD B2C to authenticate users. Users log in using local accounts with usernames. In my React frontend, I successfully obtain id and access tokens after authentication. However, I've noticed that the tokens do not include the username, and I cannot configure application claims to include the username.

I need to map the authenticated Azure AD B2C users to records in my application's database within my Web API backend (built with Spring Boot). My challenge is that without the username in the token, I'm unsure how to perform this mapping.

I've considered the following options:

Adding Custom Claims: I attempted to customize the Azure AD B2C user flow to include the username in the token claims, but I couldn't find a straightforward way to achieve this.

  1. Using Microsoft Graph API to retrieve the username: I am considering using Microsoft Graph API, either in the frontend or backend, to fetch the username based on the objectId. However, I am not sure if this is the best practice for this scenario.

Using objectId or sub Claim: I noticed that the tokens include an objectId (or sub claim), which is a unique identifier for the user. I'm considering using this for mapping, but I'm unsure if this is the standard or recommended approach.

My Questions Are:

What is the best practice for mapping Azure AD B2C authenticated users to records in my application's database?

Is using the objectId or sub claim as the unique identifier for users in my database the recommended approach?

  • Is there a way to include the username in the token claims, or a standard method to retrieve the username?
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,645 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.