Building microservices through Event Driven Architecture part 16: Azure Active Directory B2C
This tutorial is the 16th part of a series: Building microservices through Event Driven Architecture.
The previous step is about Building microservices through Event Driven Architecture part 15: SPA Front End.
In this tutorial, I will show how to use an identity provider to secure microservices by enabling OAuth2 and OpenID Connect using Azure AD B2C.
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Learn more about Azure AD B2C in What is Azure Active Directory B2C?
Azure Active Directory B2C
To set up Azure AD B2C as an identity provider, I need to create a B2C tenant, which is different from an Azure AD tenant.
Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose – to allow businesses to build customer-facing applications and then allow anyone to sign up for those applications with no restrictions on user account.
Learn more about Azure AD in What is Azure Active Directory?
So to create a B2C tenant, go to portal.azure.com, search for Azure Active Directory B2C and click on the Create button.
Click on Create a new Azure AD B2C Tenant.
Complete the form respecting the naming convention and click on Review + Create.
In Azure AD B2C, you can define the business logic that users follow to gain access to your application. For example, you can determine the sequence of steps users follow when they sign in, sign up, edit a profile, or reset a password. After completing the sequence, the user acquires a token and gains access to your application.
To create user flows, go to your Azure AD B2C tenant and click on User Flows as shown in the following picture, and then click on New user flow.
Here I’m going to create Sign Up and Sign In, Password Reset and Edit Profile policies.
Sign Up and Sign In
The Sign Up and Sign In policy enables users to register and create an account or to log in to this Azure AD B2C tenant.
To create a Sign Up/Sign In user flow, follow the steps shown in the following picture.
The Edit Profile policy enables users to complete or update their profile for this Azure AD B2C tenant.
To create an Edit Profile user flow, follow the steps shown in the following picture.
The Password Reset policy enables users to change their password for this Azure AD B2C tenant.
To create a Password Reset user flow, follow the steps shown in the following picture.
Test User flows
To test my user flows, I need to register an application in my Azure AD B2C tenant.
Go to the Azure AD B2C tenant, click on the App Registrations link and fill in the form accordingly.
Register an application
I set the name, select the supported account types, and set https://jwt.ms/ as the redirect URI as shown in the following picture.
Now, to test the Sign Up and Sign In policy, I have to click on Run user flow.
Select the application I registered earlier and click on Run user flow.
I will be prompted to sign up, so I can follow the steps to sign up or sign in and get an access token.
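An added example, not part of the original tutorial or its source code: the claim checks an API can apply to the token that jwt.ms displays after a user flow runs, since all three user flows created above can issue tokens for the same registered application. The client ID, user flow name, nonce and token are constructed, and signature verification against the tenant's published signing keys is assumed to be done separately by a JWT library.

```python
import base64, json, time

def _b64url(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def decode_unverified(token):
    """Return (header, claims) of a compact JWT. The signature is NOT checked here."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url(header_b64)), json.loads(_b64url(payload_b64))

def check_b2c_claims(token, client_id, user_flow, nonce, now=None):
    """List the problems found in the token's header and claims (empty list = none)."""
    now = time.time() if now is None else now
    header, claims = decode_unverified(token)
    problems = []
    if header.get("alg") != "RS256":
        problems.append("unexpected alg")
    if claims.get("aud") != client_id:
        problems.append("aud is not this application")
    # The issuing user flow is carried in 'tfp' (or 'acr', depending on tenant settings).
    if str(claims.get("tfp") or claims.get("acr")).lower() != user_flow.lower():
        problems.append("wrong user flow")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        problems.append("expired or not yet valid")
    return problems

def make_sample_token(claims, alg="RS256"):
    # Constructed token with a placeholder signature, only for exercising the checks offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": alg}), enc(claims), "c2ln"])

# Constructed values: the client ID, user flow name and nonce are hypothetical.
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
USER_FLOW = "B2C_1_signupsignin"
SAMPLE = {"aud": CLIENT_ID, "tfp": USER_FLOW, "nonce": "defaultNonce",
          "nbf": 1700000000, "exp": 1700003600, "sub": "constructed-user"}

if __name__ == "__main__":
    good = make_sample_token(SAMPLE)
    other_flow = make_sample_token({**SAMPLE, "tfp": "B2C_1_passwordreset"})
    print(check_b2c_claims(good, CLIENT_ID, USER_FLOW, "defaultNonce", now=1700000100))
    print(check_b2c_claims(other_flow, CLIENT_ID, USER_FLOW, "defaultNonce", now=1700000100))
```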
Source code is available here:
Thanks for reading. If you have any feedback, feel free to post it.