microsoft / azure-spring-boot

Spring Boot Starters for Azure services
MIT License

Do we have samples on how to secure an API using B2C and test it using Postman? #796

Closed rdonasco closed 4 years ago

rdonasco commented 4 years ago

Hi,

I've been trying to look for samples that secure API layers using B2C. The main purpose is for a mobile app using B2C authentication to access the API.

I tried to adjust the azure-active-directory-spring-boot-sample to use B2C properties.

Here's my properties file content.

azure.activedirectory.client-id=${app.client-id}
azure.activedirectory.client-secret=${app.client-secret}

spring.security.oauth2.client.registration.azure.client-id=${app.client-id}
spring.security.oauth2.client.registration.azure.client-secret=${app.client-secret}
spring.security.oauth2.client.registration.azure.provider=azure-oauth-provider
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code

spring.security.oauth2.client.provider.azure-oauth-provider.authorization-uri=https://${tenant.name}.b2clogin.com/${tenant.name}.onmicrosoft.com/oauth2/v2.0/authorize?p=${signin.policy}
spring.security.oauth2.client.provider.azure-oauth-provider.token-uri=https://${tenant.name}.b2clogin.com/${tenant.name}.onmicrosoft.com/oauth2/v2.0/token?p=${signin.policy}
spring.security.oauth2.client.provider.azure-oauth-provider.jwk-set-uri=https://${tenant.name}.b2clogin.com/${tenant.name}.onmicrosoft.com/discovery/v2.0/keys?p=${signin.policy}
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://${tenant.name}.b2clogin.com/${tenant.name}.onmicrosoft.com/discovery/v2.0/keys?p=${signin.policy}

I've been running around in circles now, and I'm hoping someone has done it already and can share some tips on how to do it.

saragluna commented 4 years ago

Sorry for the late response. Have you tried following our b2c sample, or is it the scenario you want to use?

georgeplaton7 commented 4 years ago

I am also stuck with this one.

yiliuTo commented 4 years ago

Hi, @qgicup. Can you give a detailed description of your issue? Or have you tried the b2c sample?

saragluna commented 4 years ago

Closing this issue now.