Identity providers are easy to add to web app but we have big problems trying to find out how to add Sign-in with Apple, which is now a requirement for all new apps. This link describes Azure AD B2C.
https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-apple
Not being an Active directory expert, how can we integrate apple sign-in with web apps, just like adding Facebook or Google login? I think AAD B2C is a completely non-compatible solution vs EasyAuth in Azure web apps.
I would like to eventually see the a token and sid:xxx from EasyAuth with Sign-in with apple
Related
I have a Xamarin based Azure Mobile App. Today, it has OAuth 2.0 authentication with providers such as Google, LinkedIn, Apple and Microsoft. In the backend it uses Azure AD B2C to provide authentication services through the above providers. My question is as follows:
How do I allow users who are part of a customer Active Directory organization to:
(a) Use their organization's AD credentials to authenticate against my app Virtos?
(b) Do SSO with my Xamarin Forms App (in UWP, Android and iOS) so that they don't have to login explicitly into my app
Here is my use case: User John Doe from Contoso organization has an active directory credential such as jdoe#contoso.com. When he downloads and registers with my app (Virtos), he simply enters his id: jdoe#contoso.com. When enters his password, it authenticates against his organization's AD as an authenticated user and provides a token to my app. From then on, he should be able to log into Virtos using his contoso id and password. Essentially I am looking to replicate this pattern with users from multiple organizations.
Pardon the generic nature of my query but I have done the necessary research on this topic to the best of my ability. I am looking for samples, tutorials and how-to on how to federate my app with an organization's AD. I have found examples of generic federation between organizations but I am specifically looking for examples of federation between a Xamarin Forms front-end based Azure Mobile Service and a Corporate AD.
Any and all help will be appreciated.
I'm investigating Azure AD B2C as a possible auth service, which we want to use for user management and authentication. We have a web application, Web API which we can easily integrate with AAD B2C and migrate our current authentication and user management.
However, I did not find any solution how to authenticate mobile applications and integrate it with azuere ad b2c. Our mobile app communicates also with web api but it does not need any user login. These applications are tied to a tenant and every mobile app instance has an API key that is used to authenticate the mobile app on the backend.
Is it possible with azure ad b2c to achieve that kind of authentication, that we will generate API keys for our mobile apps and will use the same ad in azure like the normal users? Is possible with azure ad b2c or we should use another azure service?
What are the best practices in this area? It is similar to the backend to backend communication where API keys are used. Thx.
The normal way for such a scenario would be to use the client credentials flow, where you use your ClientID + ClientSecret for a silent login in order to get a non-personalized AccessToken.
Although it seems that this type of flow is currently not supported by AD B2C. Have a look here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/application-types#current-limitations
As an alternative, that page is refering to the client credentials flow of the Microsoft Identity Platform (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
I guess it now depends on the detailed requirements of your application whether it could be an option for you to use.
I'm currently using Azure B2C as identity management server to give my Blazor Webassembly client access to a .NET core API, but find the sign in flow to be a bit clunky. I've looked at Google One Tap sign in which is much more smooth but I'm not sure if that can be integrated with Azure B2C or if I need to throw that out. Can Google One Tap signin be incorporated Azure B2C and what are the basic steps to do so? And if that is not possible what are my alternatives?
You can configure Azure AD B2C to allow users to sign in to your application with credentials from external identity providers like Facebook, Google and GitHub.
Google One Tap is part of Google Identity Service, it's a type of Google Authentication without using password and we can use Google Identity Service along side with Azure AD B2C.
First we need to to register Google as an identity provider for your Azure AD B2C tenant, as described in this document.
You need to create a sign-up or sign-in policy, as described at Azure Active Directory B2C: Built-in policies, and add Google as an identity provider for this policy.
Check this example of using Google Identity Provider with Azure AD B2C for more information.
My customer wants to use AZURE AD B2C to authenticate external users, and Azure AD for employees of his company. I've been looking on github and googling about it, but there's a lack of examples over there.
Does anybody had the same requirement to give some hints?
Besides that, it seems that MSAL.js / hello.js has some bugs (X-Frame-Options issue when renewing the token).
Is there any other JS library that I'm not familiar?
My customer wants to use AZURE AD B2C to authenticate external users, and Azure AD for employees of his company.
Azure B2C supports this from custom policies. You can easily configure this by referring Azure Active Directory B2C: Get started with custom policies and Azure Active Directory B2C: Sign in by using Azure AD accounts
Besides that, it seems that MSAL.js / hello.js has some bugs (X-Frame-Options issue when renewing the token).
Microsoft was written a sample application using hello.js library. But as you said it has x-frame options issue but that is only for Social IDPs. So, you can still use SPA app written from Microsoft for your use-case.
Is there any other JS library that I'm not familiar?
Yes, there is another JS library out there similar to hello.js that is oidc-client.js. It is easy to configure and use in SPA application.
We have a Web API intended to serve multiple business partners, each of which will be customizing a white label version of our native app client.
We also have a Web API offering common functions to different apps.
We would like to use AD B2C as the identity and auth system, but cannot see how or if it is possible to use AD B2C to secure a common API for multiple apps. Is this achievable?
It depends on how you want to your partners usig the account login-in. If you expected that the partners login-in using the consumer account or local account in the Azure AD B2C you own, the answer is yes.
The Azure AD B2C supports the Access Tokens from March 23, 2017(refer here). And it supports many types of clients, including web apps, desktop and mobile apps, single page apps, server-side daemons, and other web APIs.
It is same to develop an web API server for one native app or multiples apps, you only need to register the multiple apps in your B2C tenant. More detail about acquring the access token for the Azure AD B2C, you can refer the link below:
Azure Active Directory B2C: OAuth 2.0 authorization code flow