Comments (9)
Thanks Damien,
We now have your BFF cookie based approach using Microsoft.Web.Identity working nicely in an AD B2C environment. It uses CC to access MS Graph versus OBO.
I do have another question. I noticed your code utilizes the ConfigureAwait(false) syntax. One of my associates believes this is not needed within ASP.NET Core. Can you explain your reasoning for it and also why it is no longer in the template code you just recently created at https://github.com/damienbod/Blazor.BFF.AzureAD.Template on Nov 29th?
Thanks again for your excellent posts.
from microsoftentraidauthmicrosoftidentityweb.
OK, upon further investigation, I see that OBO is not directly supported but can be used as long as client credential is used for downstream API like MS Graph.
from microsoftentraidauthmicrosoftidentityweb.
Understood, thx
from microsoftentraidauthmicrosoftidentityweb.
Hi Bob
Thanks! Azure B2C does not support the OBO flow. To access downstream APIs in Azure B2C, you need to use the CC flow. This configuration uses the OBO, so you would have to remove the downstream APIs and replace this with a CC client.
pinging @cmatskas just to verify this
Greetings Damien
from microsoftentraidauthmicrosoftidentityweb.
Hi again Damien,
Just to confirm, as I'm not a strong OAuth or OpenID Connect dev: by CC I assume you mean Client Credentials and by OBO you mean On Behalf Of.
I believe I have this working, as the Direct and Graph API seem to be working with ADB2C, plus I created a custom user flow with claimsexchange via az function to pass approle user assignments into the auth pipeline so the Blazor client and server know about RBAC based roles and Authorize attributes work as desired.
Thanks again for the help.
from microsoftentraidauthmicrosoftidentityweb.
Also it seems OBO is now supported for ADB2C based on https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-developer-notes#oauth-20-application-authorization-flows
from microsoftentraidauthmicrosoftidentityweb.
I add extra claims like in this example
public class GraphApiClaimsTransformation : IClaimsTransformation
Greetings Damien
from microsoftentraidauthmicrosoftidentityweb.
Hi @vsdotnetguy thanks
Yes, ConfigureAwait(false) is not needed within an ASP.NET Core context and should be removed. Will fix this.
Greetings Damien
from microsoftentraidauthmicrosoftidentityweb.
Created a Blazor template for this
https://github.com/damienbod/Blazor.BFF.AzureB2C.Template
Maybe you could review, test, improve?
Greetings Damien
from microsoftentraidauthmicrosoftidentityweb.