Azure AD B2C REST API endpoint for user authentication

Question

I am trying to authenticate users for my Reactjs-based application through Azure AD B2C service. While going through the documentation, I found 2 ways - popup and redirect, but both these options have some limitations like if I want the login/signup form very customized or I want a callback to be returned on new user signup etc. Also, I am using AD to authenticate users for React Native mobile application and in that I have to use webview for redirect which doesn't give a very native feel.

A solution for these limitations some forums gave was to use API connectors but again I wasn't able to find some good documentation for that.

Can anyone help in determining a good approach for user authentication and signup with a custom form that I can create, maybe by using some API endpoints or any SDK for that purely on the frontend-side ?

Answer 1

The whole point of using products like B2C is to offload your sign-in, signup, password-reset flows to another system which is tailored to handle it using standard protocols.

If you are looking for a streamlined way to integrate B2C login screens into your app, then take a look at embedded sign-in with iframe and it should allow you to embed a customized sign-in frame right into your app (this is currently only available via custom policies, not user flows).

As for API Connectors, they are used for process execution upon sign-up or sign-in, either as a part of token enrichment (i.e. grab more user related data from backend and insert in the token returned by B2C) or webhooks to execute another routine such as sending a welcome email or other type of integration.

If you want to do sign-ins that are purely executed from front-end form, you can look at B2C resource owner password credentials flow (ROPC) which is a very bad idea from a security perspective. It will also not help you in case of signup as this is merely a login mechanism.

However, if you want to use your own form to sign-up users, you're free to use the MS Graph API or any of the libraries which implement it.

Our recommendation is to use Azure AD B2C User Flows with redirects + optionally using API Connectors if necessary, and if you need embedded sign-in then instead use Azure AD B2C Journey Framing enabled Custom Policies + optionally using RESTful technical profile (which does the same thing as an API connector but for custom policies).