4

I have a WebAPI application which authenticates users with their Azure B2C token they have acquired from signing in with their credentials.

I need to write some tests against my WebAPI now but I'm not sure how I can automate acquiring a token given that I need to sign in on https://login.microsoftonline.com...

Short of using selenium or something to sign in - is there another alternative for acquiring a token to use?

TomSelleck
  • 6,706
  • 22
  • 82
  • 151

1 Answers1

2

I assume that you want to get token with non-interactive.

I think you can use resource owner password credentials flow in AAD B2C.

NOTE:In Azure Active Directory (Azure AD) B2C, the following options are supported:

  • Native Client: User interaction during authentication happens when code runs on a user-side device. The device can be a mobile application that's running in a native operating system, such as Android, or running in a browser, such as JavaScript.

  • Public client flow: Only user credentials, gathered by an application, are sent in the API call. The credentials of the application are not sent.

  • Add new claims: The ID token contents can be changed to add new claims.

This flow can let you obtain token without UI.

Also, client credentials flow and OAuth 2.0 JWT bearer credential grant, also known as the on-behalf-of flow are not supported in AAD B2C currently. You can see the limitations in this documentation.

Wayne Yang
  • 9,016
  • 2
  • 20
  • 40
  • Hi @TomSelleck , May I know whether this answer is helpful? – Wayne Yang Jun 29 '18 at 04:52
  • Hi @Wayne Yang - MSFT, I haven't had a chance to try this yet - I will get back to you as soon as I know – TomSelleck Jul 02 '18 at 17:29
  • It was the right resource, thanks. And in your API call, `application-id` is to replace by the application `application-id` you want to access, not the `ROPC_Auth_app` one as described in microsoft article. – Ariel Feb 15 '21 at 14:27