Developer Support

Advocacy and Innovation

Using OAuth2 OBO with Azure AD B2C

This sample uses a custom web service (B2BOBOWeb) to provide a token endpoint, which handles the Extension Grant requests and communicates with B2C to respond with a valid response (access token). It uses a specific B2C tenant configured with custom journeys to handle this communication.

Choosing the OAuth2 grant flow

Premier Dev Consultant Marius Rochon explores OAuth2 questions you need to ask and how the answers lead to the selection of the grant. The OAuth2 specifications define six different grant types ( and Each provides the most optimal (from the ...

Azure BOTs – getting extra access tokens

In this post, Premier Dev Consultant Marius Rochon show us how to obtain extra access tokens using OAuth2 Extension flow (on-behalf-of flow). The following describes an approach for getting access tokens to more than one resource, without re-displaying the sign in dialog (using the V2 Azure AD endpoint). In a nutshell, the procedure...

Passive is good!

Here’s a quick read from Premier Developer consultant Marius Rochon’s blog.  In it, Marius gives some great reasons to leverage passive authentication protocols in your applications rather than writing your own code to handle credentials. Some time back I wrote about avoiding handling of credentials (creation/maintenance/...