Azure B2C Custom Policy - Send Bearer Token and API key to REST API

Brian Weldon 16 Reputation points
2022-04-22T23:18:15.877+00:00

I am building a Custom Azure AD B2C policy for login and during the User Journey I need to call a REST API that is protected by both a Bearer Token and an API key in the header. The documentation indicates you have to pick one or the other. Is there anyway to send both? Here is my TechnicalProfile:

<TechnicalProfile Id="getAppConsent">
<DisplayName>Call Internal API to determine if this user is authorized for the given app</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl"><my_url></Item>
<Item Key="AuthenticationType">ApiKeyHeader</Item>
<Item Key="UseClaimAsBearerToken">IdPToken</Item>
<Item Key="SendClaimsIn">QueryString</Item>
<Item Key="AllowInsecureInProduction">true</Item>
<Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request, please try again later.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="API-Key" StorageReferenceId="B2C_1A_APIKey" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="IdPToken"/>
<InputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tenantid" />
<InputClaim ClaimTypeReferenceId="appId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="userId" PartnerClaimType="username" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="appName" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

Thank you for your assistance,

Brian Weldon

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,634 questions
{count} vote