
How does one achieve authorization for an API using Azure B2C?


Authentication

The setup in Azure AD B2C:

web: login
api: GetStuff

web -> sign-in -> Azure user flow: signinpolicy -(success)-> token = AccessTokenForUser("scope1", "scope2", ..); call [Authorize(Policy = "scope1")] api.GetStuff with request header = token.

Works great but this is only Authentication and how does one implement Authorization?

A basic supported scenario should be:

If I belong to an item I should be able to edit it, i.e. write; otherwise I should only have read.

ΩmegaMan
Tomas Hesse

1 Answer


Please refer to the sample below; it will help with how to implement RBAC in B2C using Security Groups. Using the sample below, you can consider attaching the roles to the user object as a custom claim.

Reference: https://github.com/azure-ad-b2c/samples/tree/master/policies/relying-party-rbac

Jit_MSFT
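
The scenario in the question (a user who belongs to an item may write, everyone else may only read), together with the answer's suggestion of carrying roles as a custom claim, can be enforced in the API with ASP.NET Core resource-based authorization. The following is an added example, not part of the original question or answer and not code from the linked sample; the `Item` type, the `sub` and `roles` claim names and the `ItemAdmin` role value are assumptions.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;

// Hypothetical resource: an item plus the ids of the users who belong to it.
public sealed class Item { public HashSet<string> MemberIds { get; } = new(); }

public static class ItemOperations
{
    public static readonly OperationAuthorizationRequirement Read = new() { Name = "Read" };
    public static readonly OperationAuthorizationRequirement Write = new() { Name = "Write" };
}

// Register: services.AddSingleton<IAuthorizationHandler, ItemAuthorizationHandler>();
// Call from an action, after loading the item:
//   var result = await authorizationService.AuthorizeAsync(User, item, ItemOperations.Write);
//   if (!result.Succeeded) return Forbid();
public sealed class ItemAuthorizationHandler
    : AuthorizationHandler<OperationAuthorizationRequirement, Item>
{
    // Assumptions: claim names depend on the B2C policy's output claims; with default
    // inbound claim mapping, "sub" may surface as ClaimTypes.NameIdentifier instead.
    private const string UserIdClaim = "sub";
    private const string RoleClaim = "roles";
    private const string AdminRole = "ItemAdmin"; // hypothetical role value

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        Item item)
    {
        ClaimsPrincipal user = context.User;
        if (user.Identity?.IsAuthenticated != true)
            return Task.CompletedTask; // never calling Succeed means access is denied

        var userId = user.FindFirst(UserIdClaim)?.Value;
        bool isMember = userId is not null && item.MemberIds.Contains(userId);

        if (requirement.Name == ItemOperations.Read.Name)
            context.Succeed(requirement); // every signed-in caller may read
        else if (requirement.Name == ItemOperations.Write.Name
                 && (isMember || user.HasClaim(RoleClaim, AdminRole)))
            context.Succeed(requirement); // write only for members or admins

        return Task.CompletedTask;
    }
}
```

The scope policy on the action (`[Authorize(Policy = "scope1")]`) still gates which clients may call the API at all; the handler adds the per-item decision on top of it.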