Azure Active Directory B2C user flows and custom policies are generally available. Azure AD B2C capabilities are under continual development, so although most features are generally available, some features are at different stages in the software release cycle. This article discusses cumulative improvements in Azure AD B2C and specifies feature availability.
Terms for features in public preview
We encourage you to use public preview features for evaluation purposes only.
Allows users to sign in to mobile and single-page applications. The application receives an authorization code using proof key for code exchange (PKCE). The authorization code is redeemed to acquire a token to call web APIs.
An application invokes a service or web API, which in turn needs to call another service or web API.
For the middle-tier service to make authenticated requests to the downstream service, pass a client credential token in the authorization header. Optionally, you can include a custom header with the Azure AD B2C user's token.
Responsibilities of custom policy feature-set developers
Manual policy configuration grants lower-level access to the underlying platform of Azure AD B2C and results in the creation of a unique, trust framework. The many possible permutations of custom identity providers, trust relationships, integrations with external services, and step-by-step workflows require a methodical approach to design and configuration.
Developers consuming the custom policy feature set should adhere to the following guidelines:
Become familiar with the configuration language of the custom policies and key/secrets management. For more information, see TrustFrameworkPolicy.
Take ownership of scenarios and custom integrations. Document your work and inform your live site organization.
Perform methodical scenario testing.
Follow software development and staging best practices. A minimum of one development and testing environment is recommended.
Stay informed about new developments from the identity providers and services you integrate with. For example, keep track of changes in secrets and of scheduled and unscheduled changes to the service.