
Preferred IEF pattern for exposing multiple flows in AAD B2C

Zachar Kapustin 1 Reputation point
2022-02-11T14:44:33.777+00:00

Hey there, I'm seeking some wisdom on B2C AAD IEF patterns. If anyone has even the slightest moment to read, I would much appreciate it.

Say I have edit user, sign in, sign up and reset password: does it make sense to attempt to merge them into one so that only a single OIDC provider is exposed to the clients?

So in general, if a client application wants to consume various flows (built with IEF) which cover different scenarios, is it better to expose the underlying policies separately or to ensure that only one (or close to one) policy is exposed downstream? I know there is this interesting detail that every policy has its own OIDC provider endpoint, which then results in different tokens.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

  1. AmanpreetSingh-MSFT 56,971 Reputation points Moderator
    2022-02-14T09:06:44.087+00:00

    Hi @Zachar Kapustin • Thank you for reaching out.

    You should keep the edit user, sign in, sign up and reset password policies separate. Even when you keep the policies separate, the Identity Provider will remain the same, as the token will be issued by the same issuer. You can configure different claims to be returned in the token issued by each of these user flows, but the issuer of the token will remain the same. You might also want to return different claims for your application workflows, e.g. you want to return the NewUser claim in the token after the signup/signin policy, but you don't want to return that claim after the password reset or profile editing user flow.

    In your application code, you can specify all the flows as described below:

    [screenshot: 174015-image.png]

    If you want to remove the reference of the policy name from the token, you can remove the ACR claim by configuring the JWTIssuer technical profile, as highlighted below:

    [screenshot: 173959-image.png]

    Read more: Tutorial: Add Azure AD B2C authentication to an ASP.NET Core web app

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
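The answer's point that every policy shares one issuer while only the policy claim (acr) differs is worth seeing in a relying-party check. The following is an added example, not code from the thread, Microsoft, or the linked tutorial: it mints constructed tokens for several B2C policies and validates them the way an application with separate sign-up/sign-in, password-reset and profile-edit policies should, pinning issuer and audience and then accepting only the policy IDs expected at that endpoint. The tenant name, client ID, policy names and the HS256 shared secret (a stand-in for B2C's RS256 signing key, so the block runs offline) are all constructed.

```python
"""Added example: per-policy token acceptance for an Azure AD B2C relying party.

All identifiers below are constructed placeholders, not real tenant values.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TENANT = "contoso"  # constructed tenant name
# Same issuer for every policy in the tenant (the point made in the answer).
ISSUER = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/v2.0/"
CLIENT_ID = "00000000-0000-0000-0000-000000000001"  # placeholder app (client) id
SECRET = b"constructed-demo-secret"  # HS256 stand-in for B2C's RS256 key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(policy: str, extra: Optional[dict] = None, ttl: int = 3600) -> str:
    """Constructed issuer side: iss/aud are identical for all policies,
    only the acr claim (lower-cased policy name) and optional per-flow
    claims such as newUser differ."""
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "iat": now, "exp": now + ttl,
              "sub": "user-123", "acr": policy.lower()}
    claims.update(extra or {})
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


class TokenRejected(Exception):
    """Raised when a token must not be accepted by this endpoint."""


def validate_token(token: str, allowed_policies: set, now: Optional[int] = None) -> dict:
    """Relying-party side: verify signature, issuer, audience and expiry,
    then require the policy claim to be on this endpoint's allowlist, so a
    token minted by the password-reset policy cannot be replayed as a
    sign-in token even though both come from the same issuer."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise TokenRejected("malformed token")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise TokenRejected("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise TokenRejected("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise TokenRejected("unexpected audience")
    if claims.get("exp", 0) <= now:
        raise TokenRejected("token expired")
    # B2C carries the policy name in acr (or tfp, depending on tenant settings).
    policy = str(claims.get("tfp") or claims.get("acr") or "").lower()
    if policy not in {name.lower() for name in allowed_policies}:
        raise TokenRejected(f"policy {policy!r} not accepted by this endpoint")
    return claims


if __name__ == "__main__":
    signin = mint_token("B2C_1A_signup_signin", {"newUser": True})
    print(validate_token(signin, {"B2C_1A_signup_signin"})["acr"])
    reset = mint_token("B2C_1A_PasswordReset")
    try:
        validate_token(reset, {"B2C_1A_signup_signin"})
    except TokenRejected as err:
        print("rejected:", err)
```

The allowlist is the reason to think twice before stripping the acr claim as the answer describes: once the policy name is gone from the token, the application can no longer tell which flow minted it, so the per-endpoint check above degrades to issuer and audience only.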


