Azure B2C Custom Policies obtain Bearer token

CH Vamsi Krishna 0 Reputation points
2025-01-01T18:24:27.0066667+00:00

Hi

I am already using Azure B2C custom policies for login and SSPR (password), and I got a new requirement that it should invoke a REST API call (microservice) which is hosted in Azure (APIM). I have implemented a REST technical profile which can connect with the APIM URL; however, it (APIM or the REST API) expects a Bearer / access token.

I am looking for another technical profile which can take the details below, such as client id, secret, and resource id, and generate a bearer token so that I can call the APIM URL with the bearer token:
https://login.microsoftonline.com/tenantid-531f-4f14-9af1-dc7b444c3ad8/oauth2/token
grant_type:client_credentials
client_id:sdf-c41a-43ab-bb11-e73259dbd33f
client_secret:sdf~3aKoyO3Vg-sdf
resource:df-00f5-4d7b-b1e2-313aba71fe8e

Or do you think there is a better way, like Azure B2C custom policy -> call APIM -> APIM should generate the token -> REST API (microservice)?

Suggest your thoughts

I am using this now, but it is not working.


1 answer

  1. James Hamil 26,881 Reputation points Microsoft Employee
    2025-01-02T23:02:07.5933333+00:00

    Hi @CH Vamsi Krishna, you can use the REST-AcquireAccessToken technical profile to obtain an access token using the client credentials flow. This technical profile will generate an access token that can be used to call your REST API.

    You can then use the bearerToken output claim in your REST technical profile to call your REST API.

    More information here: https://stackoverflow.com/questions/69507949/how-to-get-oauth2-bearer-access-token-in-b2c-custom-policy-to-send-claims-to-my

    You can also use Azure APIM to generate the access token for you. You can configure APIM to use Azure AD as the authentication provider and then use the openid scope.

    Please let me know if you have any questions and I can help you further.

    Best,

    James

    1 person found this answer helpful.
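
The two technical profiles the answer refers to, as an added example that is not part of the original thread or of Microsoft's reply. It assumes string claim types `grant_type`, `resource` and `bearerToken` are declared in `ClaimsSchema`, that `SM-Noop` exists in the base policy, and that the client id and secret are stored as policy keys (the key names, `REST-CallApim`, and the upper-case values are placeholders).

```xml
<!-- Added example: place inside a <ClaimsProvider> of the extensions policy. -->
<TechnicalProfiles>
  <!-- Step 1: client credentials request against the token endpoint from the question -->
  <TechnicalProfile Id="REST-AcquireAccessToken">
    <DisplayName>Acquire access token (client credentials)</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
      <!-- TENANT_ID is a placeholder -->
      <Item Key="ServiceUrl">https://login.microsoftonline.com/TENANT_ID/oauth2/token</Item>
      <Item Key="AuthenticationType">Basic</Item>
      <Item Key="SendClaimsIn">Form</Item>
    </Metadata>
    <CryptographicKeys>
      <!-- Client id and secret are read from policy keys (assumed names), never written inline in the XML -->
      <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_SecureRESTClientId" />
      <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_SecureRESTClientSecret" />
    </CryptographicKeys>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="client_credentials" AlwaysUseDefaultValue="true" />
      <!-- API_RESOURCE_ID is a placeholder for the resource id of the protected API -->
      <InputClaim ClaimTypeReferenceId="resource" DefaultValue="API_RESOURCE_ID" AlwaysUseDefaultValue="true" />
    </InputClaims>
    <OutputClaims>
      <!-- Maps access_token from the token response into the bearerToken claim -->
      <OutputClaim ClaimTypeReferenceId="bearerToken" PartnerClaimType="access_token" />
    </OutputClaims>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  </TechnicalProfile>

  <!-- Step 2: call the APIM-fronted API, sending bearerToken in the Authorization header -->
  <TechnicalProfile Id="REST-CallApim">
    <DisplayName>Call APIM-hosted REST API</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
      <!-- APIM_HOST and API_PATH are placeholders -->
      <Item Key="ServiceUrl">https://APIM_HOST/API_PATH</Item>
      <Item Key="AuthenticationType">Bearer</Item>
      <Item Key="UseClaimAsBearerToken">bearerToken</Item>
      <Item Key="SendClaimsIn">Body</Item>
    </Metadata>
    <InputClaims>
      <!-- Must be listed as an input claim for UseClaimAsBearerToken to pick it up -->
      <InputClaim ClaimTypeReferenceId="bearerToken" />
    </InputClaims>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  </TechnicalProfile>
</TechnicalProfiles>
```

`REST-AcquireAccessToken` has to run before `REST-CallApim` in the user journey (an earlier orchestration step or an earlier validation technical profile) so that `bearerToken` is populated. Keep `bearerToken` out of the relying party's output claims so the service token is never returned to the client application.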
