Azure B2C Custom Policy - Send Bearer Token and API key to REST API

Brian Weldon 16 Reputation points

I am building a Custom Azure AD B2C policy for login and during the User Journey I need to call a REST API that is protected by both a Bearer Token and an API key in the header. The documentation indicates you have to pick one or the other. Is there any way to send both? Here is my TechnicalProfile:

<TechnicalProfile Id="getAppConsent">
  <DisplayName>Call Internal API to determine if this user is authorized for the given app</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <!-- REST endpoint placeholder -->
    <Item Key="ServiceUrl"><my_url></Item>
    <Item Key="AuthenticationType">ApiKeyHeader</Item>
    <Item Key="UseClaimAsBearerToken">IdPToken</Item>
    <Item Key="SendClaimsIn">QueryString</Item>
    <Item Key="AllowInsecureInProduction">true</Item>
    <Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request, please try again later.</Item>
  </Metadata>
  <CryptographicKeys>
    <!-- With ApiKeyHeader, the Key Id is the HTTP header name and the policy key holds its value -->
    <Key Id="API-Key" StorageReferenceId="B2C_1A_APIKey" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="IdPToken" />
    <InputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tenantid" />
    <InputClaim ClaimTypeReferenceId="appId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
    <InputClaim ClaimTypeReferenceId="userId" PartnerClaimType="username" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="appName" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

Thank you for your assistance,

Brian Weldon

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.