Can Azure AD be used for social login ?
Came to understand that for user authentication via social login - Azure AD is not appropriate. Its more for organizing employees in premises and to provide them access to apps. It also provides SSO capabilities for employees under organization structure.
Azure AD can be used for customer facing websites but then they will be restricted to sign-in by using work-mail or at the very best by using microsoft account (outlook, live etc).
Azure AD does not provide social login feature. However, Azure AD B2C address this exact scenario.
Azure AD B2C uses OpenId Connect protocol
It uses OpenId which is built on top of OAuth to connect with social identity providers.
These links might help:
- Configure OpenId for your app
- Introduction to OpenId and how it compares to OAuth
- App demo using Azure AD B2C
- Adding policies in Azure AD B2C
Is it economical ?
Hell yes, their free tier has 50,000 user registration quota and 50,000 per month auth request, which is way cheaper than Auth0 and other identity providers. Implementing auth securely can be done, but is a tough business. One mistake and it can leave vulnerablity in app. If we go by monolith architecture then we can use identity framework. But for simple apps, Azure AD B2C is a viable option.