Azure AD B2C REST API endpoint for user authentication

Prateek Goyal 1 Reputation point
2021-10-07T06:54:46.117+00:00

I am trying to authenticate users for my Reactjs-based application through the Azure AD B2C service. While going through the documentation, I found 2 ways - popup and redirect, but both these options have some limitations, like if I want the login/signup form very customized or I want a callback to be returned on new user signup etc. Also, I am using AD to authenticate users for a React Native mobile application, and in that I have to use a webview for the redirect, which doesn't give a very native feel.

A solution for these limitations some forums gave was to use API connectors but again I wasn't able to find some good documentation for that.

Can anyone help in determining a good approach for user authentication and signup with a custom form that I can create, maybe by using some API endpoints or any SDK for that purely on the frontend side?


1 answer

  1. Hazem Elshabini 81 Reputation points
    2021-10-19T09:44:40.497+00:00

    The whole point of using products like B2C is to offload your sign-in, signup, password-reset flows to another system which is tailored to handle it using standard protocols.

    If you are looking for a streamlined way to integrate B2C login screens into your app, then take a look at embedded sign-in with iframe and it should allow you to embed a customized sign-in frame right into your app (this is currently only available via custom policies, not user flows).

    As for API Connectors, they are used for process execution upon sign-up or sign-in, either as a part of token enrichment (i.e. grab more user related data from backend and insert in the token returned by B2C) or webhooks to execute another routine such as sending a welcome email or other type of integration.

    If you want to do sign-ins that are purely executed from a front-end form, you can look at the B2C resource owner password credentials flow (ROPC), which is a very bad idea from a security perspective. It will also not help you in case of signup as this is merely a login mechanism.

    However, if you want to use your own form to sign-up users, you're free to use the MS Graph API or any of the libraries which implement it.

    Our recommendation is to use Azure AD B2C User Flows with redirects + optionally using API Connectors if necessary, and if you need embedded sign-in then instead use Azure AD B2C Journey Framing enabled Custom Policies + optionally using RESTful technical profile (which does the same thing as an API connector but for custom policies).

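The sign-up callback the question asks about, written as the API connector endpoint the answer describes; this is an added example, not code from the thread or from Microsoft. It assumes the connector is configured with HTTP Basic authentication; `handleSignUp`, the credentials, the blocked domain and the `loyaltyTier` attribute are hypothetical, and the function takes the header and parsed JSON body so it can sit behind any HTTPS route.

```javascript
// Added example. Hypothetical names: handleSignUp, checkBasicAuth, loyaltyTier.
const { timingSafeEqual, createHash } = require('node:crypto');

// Constructed credentials; in production load them from a secret store.
const CONNECTOR_USER = 'b2c-connector';
const CONNECTOR_PASS = 'constructed-sample-secret';
const BLOCKED_DOMAINS = new Set(['example.invalid']); // constructed sample

// Compare fixed-length digests so timingSafeEqual never sees unequal lengths.
function safeEqual(a, b) {
  const ha = createHash('sha256').update(a).digest();
  const hb = createHash('sha256').update(b).digest();
  return timingSafeEqual(ha, hb);
}

// Validate the HTTP Basic credentials B2C sends with each connector call.
function checkBasicAuth(header) {
  if (typeof header !== 'string' || !header.startsWith('Basic ')) return false;
  const decoded = Buffer.from(header.slice(6), 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return false;
  const userOk = safeEqual(decoded.slice(0, sep), CONNECTOR_USER);
  const passOk = safeEqual(decoded.slice(sep + 1), CONNECTOR_PASS);
  return userOk && passOk; // both compared before deciding
}

// Returns { status, body } for a sign-up API connector call.
function handleSignUp(authHeader, claims) {
  if (!checkBasicAuth(authHeader)) {
    return { status: 401, body: { error: 'unauthorized' } };
  }
  const email = claims && typeof claims.email === 'string' ? claims.email : '';
  const domain = email.slice(email.lastIndexOf('@') + 1).toLowerCase();
  if (!email.includes('@') || domain === '') {
    return { status: 400, body: { version: '1.0.0', status: 400,
      action: 'ValidationError', userMessage: 'A valid email is required.' } };
  }
  if (BLOCKED_DOMAINS.has(domain)) {
    return { status: 200, body: { version: '1.0.0', action: 'ShowBlockPage',
      userMessage: 'Sign-up is not available for this email domain.' } };
  }
  // Continue the flow; a welcome email or backend call would be queued here.
  // Custom attributes are returned under the tenant's extension prefix (placeholder).
  return { status: 200, body: { version: '1.0.0', action: 'Continue',
    'extension_<extensions-app-id>_loyaltyTier': 'standard' } };
}
```

The endpoint runs server-side, so the React and React Native clients never hold the connector credentials.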