Set up web API authentication transfer using Microsoft Entra ID B2C

Note

The Retail Interest Group by Dynamics 365 Commerce has moved from Yammer to Viva Engage. If you don't have access to the new Viva Engage community, fill out this form (https://aka.ms/JoinD365commerceVivaEngageCommunity) to be added and stay engaged in the latest discussions.

This article describes how to set up the transfer of web API authentication to a Microsoft Dynamics 365 Commerce e-commerce site by using Microsoft Entra business-to-consumer (B2C).

Dynamics 365 Commerce uses Microsoft Entra B2C to support user credential and authentication flows. It can receive valid Microsoft Entra B2C tokens from an external web API or service. The Commerce rendering service handles the Microsoft Entra B2C authenticated tokens to use on a Commerce e-commerce site. Users who authenticate against the dedicated Microsoft Entra B2C tenant from a separate service can be transferred to an e-commerce site in an authenticated state. They can then continue shopping, checkout, or authentication activities.

Prerequisites

As a prerequisite, set up your e-commerce site with the Microsoft Entra B2C tenant as described in Set up a B2C tenant in Commerce.

Set up web API settings for authentication

Set up your Microsoft Entra B2C tenant in accordance with the guidance in Enable authentication in your own web API by using Microsoft Entra B2C. According to that guidance, create an app registration for the Microsoft Entra B2C tenant application that handles web, mobile, or single page apps. This process is also documented in Create a native application. The native application uses the mobile or standalone application to acquire the authentication token for the Microsoft Entra B2C tenant.

Various methods are available for creating the authentication token by using the Microsoft Entra B2C tenant application, and configurations vary further depending on the development approach. Microsoft Entra B2C supports direct API authentication, resource owner password credentials (ROPC), and OpenID Connect (OIDC).

Note

Use the most secure authentication flow available. The ROPC flow requires a high degree of trust in the application and carries risks that aren't present in other flows. Only use this flow when other more secure flows, such as managed identities, aren't viable.

E-commerce site authentication with transferred tokens

Users who enter an e-commerce site from a transferred authenticated session are handled like users who authenticate directly against Microsoft Entra B2C. When you complete the setup described in the previous section, users who authenticate externally via Microsoft Entra ID B2C can have the same e-commerce site experiences as users who authenticate internally.

For the Commerce rendering service to use authentication tokens, they must have a "B2CToken" prefix (for example, Authorization: B2CToken <token>). Additionally, the authentication tokens must reference the Tenant name and Client GUID values that you set up for Microsoft Entra ID B2C in the Commerce site builder site authentication profile at Tenant Settings > B2C Settings. They must also reference the Issuer value that you set up for the e-commerce site in Commerce headquarters, at Retail and Commerce > Headquarters setup > Parameters > Commerce shared parameters > Identity Providers.
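A pre-flight check for the requirements above, as an added example that is not part of the Commerce documentation or SDK: before the external service attaches the "B2CToken" header, it compares the token's claims with the configured values. The function names, the placeholder configuration, and the mapping of Issuer to the iss claim, Client GUID to the aud claim, and Tenant name to the issuer host are assumptions.

```javascript
// Added example. Inspects claims only; it does NOT verify the signature,
// which remains the job of the service that validates the token.
// Constructed placeholders for the site builder and headquarters values.
const expected = {
  tenantName: 'contosob2c',
  clientGuid: '00000000-0000-0000-0000-000000000001',
  issuer: 'https://contosob2c.b2clogin.com/00000000-0000-0000-0000-0000000000aa/v2.0/',
};

function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (!claims || typeof claims !== 'object') throw new Error('payload is not an object');
  return claims;
}

// Returns a list of mismatches; an empty list means the claims line up.
function checkTransferToken(token, cfg, now = Math.floor(Date.now() / 1000)) {
  let claims;
  try { claims = decodeClaims(token); } catch (e) { return ['malformed token: ' + e.message]; }
  const problems = [];
  // Assumption: Issuer is compared with "iss", Client GUID with "aud".
  if (claims.iss !== cfg.issuer) problems.push('iss differs from configured Issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.clientGuid)) problems.push('aud differs from Client GUID');
  // Assumption: the tenant name is the first label of the issuer host.
  let host = '';
  try { host = new URL(claims.iss).hostname.toLowerCase(); } catch (_) { /* no usable iss */ }
  if (!host.startsWith(cfg.tenantName.toLowerCase() + '.')) problems.push('issuer host lacks Tenant name');
  if (typeof claims.exp !== 'number' || claims.exp <= now) problems.push('expired or missing exp');
  return problems;
}

// Builds the header only for a token that passed every check.
function authorizationHeader(token, cfg, now) {
  const problems = checkTransferToken(token, cfg, now);
  if (problems.length) throw new Error('token not transferable: ' + problems.join('; '));
  return { Authorization: 'B2CToken ' + token };
}

// Constructed, unsigned sample token for exercising the checks offline.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(claims) + '.constructed-signature';
}
```

A token that fails here points to a mismatch between the B2C app registration and the site builder or headquarters settings, which is cheaper to find before the transfer than after a failed sign-in on the site.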

Additional resources

Set up a B2C tenant in Commerce

Enable authentication in your own web API by using Microsoft Entra ID B2C

Mock the signed-in state during local development