Developer Support

Advocacy and Innovation

To B2B or to B2C?

One uses B to signify its focus on business partnerships, while the other uses C for consumers; at the end of the day, either can be used to accomplish roughly the same access. My intent here is to focus on what I see as the fundamental difference, one that is most likely to drive the appropriate choice of technology.

Setting up for Azure B2C development

The following describes some techniques, tools and approaches I found useful when developing applications with Azure AD B2C. The first part deals with setting up a newly created B2C tenant using the Azure portal only. The second part deals with developing custom journey (Identity Experience Framework) XML policies.

Claims encryption for B2C tokens

Once you sign in and consent, you should see TokenEncryption API in your Enterprise Apps. You will then be able to register your own client applications (recipients of encrypted tokens), set their API Permission to access the Token Encryption API with decrypt application permission, and use client credentials to request a token.

Using OAuth2 OBO with Azure AD B2C

This sample uses a custom web service (B2BOBOWeb) to provide a token endpoint, which handles the Extension Grant requests and communicates with B2C to respond with a valid response (access token). It uses a specific B2C tenant configured with custom journeys to handle this communication.

Using B2C to support multi-tenant SaaS apps

AAD multi-tenancy is ideal for medium-to-large enterprises that own and manage their own identity infrastructure. This sample is for small enterprises, usually without their own identity infrastructure. It provides support for an application that needs to group its users into discrete groups, each representing an application tenant.