@sandrinodimattia
Last active May 19, 2018 06:09
Connect Auth0 with Azure AD B2C

Configuration

  1. Create an Azure AD B2C directory.
  2. Register a Regular Web Application and set its Reply URL to https://YOUR_AUTH0_ACCOUNT/login/callback (Azure AD B2C only redirects back to registered URLs, and this is where Auth0 receives the authorization code).
  3. Create a key for the application. This is its client secret: treat it like a password, it becomes the connection's client_secret.
  4. Take note of the Application ID and the key.
  5. Create a sign-in policy (it will get a name like B2C_1_signin).

Get a Management API v2 token and create the connection

Call the Auth0 Management API v2 with a token that has the create:connections scope, sent in the Authorization: Bearer header. Replace the placeholders in the request body below:

  • YOUR_AUTH0_DOMAIN: your Auth0 domain, like sandrino.auth0.com
  • YOUR_DIRECTORY_NAME: the name of your Azure AD B2C directory
  • YOUR_APPLICATION_ID: the Application ID of your Regular Web Application in the Azure Portal
  • YOUR_APPLICATION_KEY: the key you created in the Azure Portal (a secret: it is stored as client_secret and should stay out of logs and source control)
  • YOUR_POLICY_NAME: the name of your sign-in policy (B2C_1_signin, for example); it is set both on the token URL and in authParams so that the authorize and token endpoints use the same policy
  • enabled_clients: the Auth0 client IDs for which this connection should be enabled; the values below are the author's and must be replaced with your own

POST https://YOUR_AUTH0_DOMAIN/api/v2/connections

{
  "options": {
    "client_id": "YOUR_APPLICATION_ID",
    "client_secret": "YOUR_APPLICATION_KEY",
    "scripts": {
      "fetchUserProfile": "function(accessToken, ctx, cb) {\n  const jwt = require('jsonwebtoken');\n  const decoded = jwt.decode(ctx.id_token);\n  cb(null, {\n    user_id: decoded.sub,\n    family_name: decoded.family_name,\n    given_name: decoded.given_name,\n    name: decoded.name,\n    email: decoded.email\n  });\n}"
    },
    "authorizationURL": "https://login.microsoftonline.com/YOUR_DIRECTORY_NAME.onmicrosoft.com/oauth2/v2.0/authorize",
    "tokenURL": "https://login.microsoftonline.com/YOUR_DIRECTORY_NAME.onmicrosoft.com/oauth2/v2.0/token?p=YOUR_POLICY_NAME",
    "scope": "openid profile",
    "authParams": { "p": "YOUR_POLICY_NAME" }
  },
  "strategy": "oauth2",
  "name": "AzureAD-B2C",
  "enabled_clients": [
    "H70hUtVwUxpL9QwQSdsD9Jfq27gHZJir",
    "IsTxQ7jAYAXL5r5HM4L1RMzsSG0UHeOy",
    "aVefdrhGdyAijkxQaSnhVKGhWtgXq58B",
    "htxj4gBowcGcy2kYgbRqdUH9cFJ9dseU",
    "jZYOy5Pyv6ZcbG0rhsOKyAmBnNoINO3u",
    "w8yGQ7r7vtQGZ00RrD0I45mMVjFmO8st"
  ]
}

Example

Start a login through the new connection by sending the browser to the /authorize endpoint with connection=AzureAD-B2C: the user is taken to the Azure AD B2C sign-in page for the policy, comes back to Auth0, and is then redirected to redirect_uri. The client_id and redirect_uri below are the author's test application and webtask debugger; response_type=token returns the tokens in the URL fragment, which suits a debugger, but a real application should use the authorization code flow.

https://sandrino.auth0.com/authorize?client_id=IsTxQ7jAYAXL5r5HM4L1RMzsSG0UHeOy&redirect_uri=https://sandrino.us.webtask.io/debugger&response_type=token&scope=openid%20profile&connection=AzureAD-B2C

You can log in here with john.doe@b2ctests.onmicrosoft.com / Mypassword1 (a test user in the author's demo directory).

@markrey

markrey commented Mar 29, 2017

Hi Sandrino,

Thank you very much for documenting the same.
I would like to allow all users rather than "enabled_clients". How can I allow it?

Regards,
Mark

@RoyKimYYZ

Hi Sandrina,

Thanks for this article. I'm new to this and so wondering if you can do some explanation of what this is doing? Does this update or create new connections with the B2C sign in policy? What is the outcome to the user - e.g. do they see an Auth0 login or an Azure AD login page?

@uprightbass360

Hi there Sandrina!
Thank you so much for posting this. I was wondering if you could share any of your configuration on the azure custom policy that you created for b2c which interfaces with this configuration? Or if anyone else has any other clarification to provide. I am trying to set up a B2C app which is connected directly to an auth0 account.
