azure-ad-b2c / samples

Azure AD B2C custom policy solutions and samples.

Downstream call to web API not supported in B2C #530

Open Core121 opened 1 year ago

Core121 commented 1 year ago

I have a web API that needs to call another web API, where both are protected by B2C. This is unsupported yet should be a pretty common request.

Seems many people are requesting this, but no one has responded on the azure feedback site. https://feedback.azure.com/d365community/idea/86d396da-b125-ec11-b6e6-000d3a4f0789

Documentation showing downstream calls are unsupported in B2C. https://learn.microsoft.com/en-us/azure/active-directory-b2c/application-types#web-api-chains-on-behalf-of-flowI

Please let me know if this is the wrong place to submit this request.

SariDev commented 1 year ago

I'm also interested in this.

This link states that AD B2C does not support the "on behalf of" flow: https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

Also, as far as I know, an Azure App Registration in AD B2C that exposes scopes via the "Expose an API" menu can only expose "delegated" scopes and not "application" scopes (only possible in Azure AD).

These "delegated" scopes can't be used when an API uses the ITokenAcquisition.GetAccessTokenForAppAsync method.

So we can't use:

What is the current approach for Azure AD B2C protected API to call another Azure AD B2C protected API?

I would have expected that this is a common scenario.