Can we send a magic link for signup via Azure AD B2C policy rather than the application sending it? The sample at https://github.com/azure-ad-b2c/samples/tree/master/policies/invite shows the app sending the B2C signup link.
Related
I have one application integrated with an Azure B2C directory. Our problem is that the login page redirects to the Azure B2C portal (our own custom page) to authenticate or authorize users and then reverts back to the original website.
I need to open a popup with my own website login design, and at the backend I am able to call the Azure B2C REST API to validate users.
How can I create a REST API for login in the Azure B2C portal?
Let me know if you have any information about the same.
As juunas said in the comment, you could use the resource owner password credentials (ROPC) flow to validate users at the backend. You could call the API with the POST request at the end. Note: ROPC supports local accounts only.
Try to create a resource owner user flow first.
You need to replace the username and password with those of the user to be verified.
POST https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_<ROPC_Auth name of the flow>/oauth2/v2.0/token
username=<username>
&password=<password>
&grant_type=password
&scope=openid <application-id> offline_access
&client_id=<application-id>
&response_type=token+id_token
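The request above, as an added example that is not part of the original answer: it builds the same POST with the form fields percent-encoded, so a password containing `&`, `+` or `=` cannot split or alter the body, and it reduces the token response to a success or an error. The function names, the tenant `contoso`, the all-zero application ID and the sample responses are constructed for illustration; the response field names assumed are the standard OAuth 2.0 ones.

```python
import json
import re
from urllib.parse import urlencode
from urllib.request import Request

# Tenant and policy names are placed in the URL, so restrict their alphabet.
_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def build_ropc_request(tenant, policy, client_id, username, password):
    """Return an unsent urllib Request for the B2C ROPC token endpoint."""
    for label, value in (("tenant", tenant), ("policy", policy)):
        if not _NAME.match(value):
            raise ValueError(f"unexpected characters in {label}: {value!r}")
    url = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
           f"{policy}/oauth2/v2.0/token")
    # urlencode percent-encodes '&', '=', '+' and spaces in every value.
    body = urlencode({
        "username": username,
        "password": password,
        "grant_type": "password",
        "scope": f"openid {client_id} offline_access",
        "client_id": client_id,
        "response_type": "token id_token",
    }).encode("ascii")
    return Request(url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(status, raw):
    """Return (ok, tokens_or_error); the submitted password is never echoed."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return False, {"error": "malformed_response"}
    if status == 200 and isinstance(doc, dict) and "access_token" in doc:
        keep = ("access_token", "id_token", "refresh_token")
        return True, {k: doc[k] for k in keep if k in doc}
    if not isinstance(doc, dict):
        return False, {"error": "malformed_response"}
    return False, {"error": doc.get("error", "unknown_error"),
                   "error_description": doc.get("error_description", "")}


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_ropc_request("contoso", "B2C_1A_ROPC_Auth",
                             "00000000-0000-0000-0000-000000000000",
                             "alice@example.com", "p&ss+w=rd")
    print(req.get_method(), req.full_url)
    print(parse_token_response(400, '{"error": "invalid_grant"}'))
```

Sending the request is a matter of passing it to `urllib.request.urlopen` from the backend; the credentials travel only in the HTTPS body, never in the URL.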
How to change the signed-out response message on Azure AD B2C, or how to remove the response message on Azure AD B2C after a successful sign-out?
Find the screenshot below.
Default Signout message Screenshot
The B2C logout endpoint redirects you back to the application.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect#send-a-sign-out-request
Is this what you implemented? The image appears to be a logout from Azure AD, not AAD B2C. The cropping of the URL makes it hard to tell.
Is there any way to change the content of the SMS that a user receives on his/her phone with the verification code to log in, as MFA in Azure AD B2C custom policies?
I'm trying to integrate the Google identity provider into the sign-in user flow in Azure AD B2C. While logging in with a Google ID and password, it redirects to the page I have provided, but with the error "User does not exist. Please sign up before you can sign in."
It's working fine with the Facebook IdP.
If you are using SignIn only (and not SignUporSignIn flow), this behavior is expected if the user does not exist in the directory.
If you use a SignUporSignIn flow, the user will be prompted to sign up if they don't exist.
When using Facebook as the IDP for Azure AD B2C, it appears that B2C isn't using the FB SDK correctly.
Using FB's guidelines found here, I would expect scenario 2 and 3 below to log out of Facebook:
1. A person logs into Facebook, then logs into your app. Upon logging out from your app, the person is still logged into Facebook.
2. A person logs into your app and into Facebook as part of your app's login flow. Upon logging out from your app, the user is also logged out of Facebook.
3. A person logs into another app and into Facebook as part of the other app's login flow, then logs into your app. Upon logging out from either app, the user is logged out of Facebook.
When we log out of our application, Facebook is staying logged in, which is NOT the desired behaviour.
A similar question was asked previously on TechNet.
Is there a way to make this happen, or is this feature on the B2C roadmap?
Azure AD B2C does not support signing you out from the external identity provider, be it Facebook, Google or a custom OIDC/SAML/WS-Fed identity provider. It only signs you out from Azure AD B2C.
Currently, Azure AD B2C does not disambiguate whether you were already signed-in to the external identity provider or signed in to it as part of signing in to Azure AD B2C, so it can only either always keep you signed in or always sign you out. The latter option is rather invasive, thus Azure AD B2C opts for keeping you signed in, which is in line with Facebook's #1 guideline.
You can request support for this more advanced detection and sign out logic via the Azure AD B2C feedback forum.
Note: This question is similar to: Azure AD B2C OpenID Connect single logout with WS-Federation and SAML claims provider