Hello @Arthur Gharibyan , you can protect both your Web App and Web Api with Azure AD B2C.
The referenced sample demonstrates how to:
- Protect your Web Api with Azure AD B2C
- Obtain an id token and access token from your SPA to gain access to your Api resources.
The recommended approach involves authenticating interactively trough Azure AD B2C Sign in forms (User Journeys/User Flows/Custom Policies) to obtain the required tokens. Alternatively, but less recommended, you can replace Azure AD B2C Signing journeys with your own using the ROPC flow.
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.