
I have 2 applications.

Application 1: A .NET backend / Angular frontend app with AD B2C for authentication. (This application is already developed and working.)

Application 2: A similar-stack application using a database for authentication (basic email/password authentication).

Application 2 users are also created in Application 1 and in AD B2C (via the App1 API and the Graph API).

From Application 2 I want to be able to access Application 1 (through deep links). How should I structure my 2 applications so that SSO is possible from Application 2 to Application 1 (since the Application 2 user is already authenticated when logging into Application 2 and clicking a deep link to Application 1, where the user also exists)?

Thanks



What you need is the "on-behalf-of flow", which allows you to exchange a token for Application 1 for a token for Application 2. Unfortunately, B2C does not support this currently (AAD B2B does), and it's a fairly major flaw in B2C usage.

Sam Cogan
  • Thank you. Just a clarification: when you say "it's a fairly major flaw in B2C usage", does this mean my use case is flawed and I am trying to use B2C in a way it was not designed for, and I should re-think my approach? – user14013917 Dec 06 '22 at 17:12
  • Also, is it possible (https://github.com/azure-ad-b2c/rest-api) for AD B2C to delegate authentication to a REST endpoint (custom database auth) and, on authentication, continue with the same user for the authorization flow into the AD B2C application? i.e. App2 (user logs in with user/password) --> clicks on deep link to App1 --> redirect to AD B2C --> REST API (verifies user session/authenticates) --> passes token/handle to AD B2C --> authenticated user continues the AD B2C userid/token flow to App1. – user14013917 Dec 06 '22 at 17:20
  • I mean it's a flaw that it is missing from B2C; lots of people are complaining about that. – Sam Cogan Dec 07 '22 at 10:48
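The second comment above asks whether AD B2C can delegate the password check to a REST endpoint backed by Application 2's database, which is the custom-policy REST API technical profile pattern that the linked azure-ad-b2c/rest-api repository documents. Below is an added example of what the request handling in such an endpoint looks like; it is not code from the question, the answer, or that repository. It assumes the contract described in the B2C REST API integration documentation (B2C POSTs the input claims as JSON; HTTP 200 with a JSON object means success and its members become output claims; HTTP 409 with a version/status/userMessage body means a validation failure whose message is shown to the user), a Basic-auth credential that B2C presents on every call, and a constructed in-memory user store standing in for Application 2's database. The email, objectId, password, and Basic-auth pair are all made up.

```python
"""Credential-validation endpoint that an Azure AD B2C custom policy can call
through a REST API technical profile. Added example with constructed data; it
is not code from the question, the answer or the azure-ad-b2c/rest-api repo.

Contract assumed (from the B2C REST API integration documentation):
  * B2C POSTs the input claims as a JSON object (here: email, password) and
    authenticates itself with HTTP Basic credentials stored as policy keys.
  * HTTP 200 with a JSON object  -> validation passed; the object's members
    become output claims in the user journey.
  * HTTP 409 with {"version": "1.0.0", "status": 409, "userMessage": ...}
    -> validation failed; B2C shows userMessage and keeps the user on the page.
"""
import base64
import hashlib
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple

# Constructed: the Basic-auth pair that B2C sends (configured in the technical
# profile with AuthenticationType="Basic" and policy keys). Not a real secret.
REST_BASIC_USER = "b2c-policy"
REST_BASIC_PASSWORD = "example-only-not-a-real-secret"

PBKDF2_ITERATIONS = 210_000


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; stands in for whatever App2's database stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


# Constructed in-memory stand-in for Application 2's user table. The objectId is
# made up; in the real system it is the id the user was created with in B2C.
_ALICE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "alice@example.com": {
        "displayName": "Alice Example",
        "objectId": "11111111-2222-3333-4444-555555555555",
        "salt": _ALICE_SALT,
        "hash": hash_password("correct horse battery staple", _ALICE_SALT),
    },
}
# Used for unknown accounts so the KDF still runs and timing stays uniform.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


def basic_auth_header(user: str, password: str) -> Dict[str, str]:
    """Build the Authorization header B2C sends for AuthenticationType=Basic."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def _caller_is_b2c(headers: Dict[str, str]) -> bool:
    """Constant-time check of the Basic credentials; header names are case-insensitive."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, pwd = base64.b64decode(auth[6:]).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return (hmac.compare_digest(user, REST_BASIC_USER)
            and hmac.compare_digest(pwd, REST_BASIC_PASSWORD))


def _conflict(message: str) -> Tuple[int, dict]:
    """The 409 body shape B2C expects for a validation failure."""
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def handle_validate_credentials(headers: Dict[str, str], body: bytes) -> Tuple[int, dict]:
    """Return (http_status, json_body) for one B2C claims-exchange request."""
    if not _caller_is_b2c(headers):
        return 401, {"error": "unauthorized"}
    try:
        claims = json.loads(body)
        email = str(claims["email"]).strip().lower()
        password = str(claims["password"])
    except (ValueError, KeyError, TypeError):
        return _conflict("Malformed request.")
    user = USERS.get(email)
    salt = user["salt"] if user else _DUMMY_SALT
    expected = user["hash"] if user else _DUMMY_HASH
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    if user is None or not ok:
        # One message for both cases: do not reveal whether the account exists.
        return _conflict("Your email or password is incorrect.")
    return 200, {"email": email,
                 "displayName": user["displayName"],
                 "objectId": user["objectId"]}


class _Handler(BaseHTTPRequestHandler):
    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", "0"))
        status, payload = handle_validate_credentials(dict(self.headers),
                                                      self.rfile.read(length))
        data = json.dumps(payload).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # B2C only calls HTTPS endpoints; terminate TLS in front of this for real use.
    HTTPServer(("127.0.0.1", 8080), _Handler).serve_forever()
```

Running the file serves the endpoint on 127.0.0.1:8080; a B2C policy would only reach it behind TLS and with the Basic credentials set as policy keys. The claims returned on 200 are whatever the technical profile declares as output claims; in the flow the comment sketches they would be used to look up the existing B2C account so that the token issued to App1 carries that user's identity rather than a freshly created one.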