
We have the Web API as a server application which is registered in the AAD B2C tenant, while the user would create their own client app to invoke the Web API. However, the user can only register their client app in their default directory, which belongs to a different tenant than the B2C tenant. In this case, delegating the Web API to the client app seems impossible as they are from different tenants/directories?

Expected to have a solution to delegate permission from the AAD B2C application to the client app, OR the client could request a specified scope from the AAD B2C application and authenticate successfully via a standard OAuth flow.

  • To me this sounds impossible. In order for them to use your API's scopes, the API would have to be multi-tenant and added to their tenant through the admin consent flow (which I don't think will work for a B2C app). Feels like the client apps need to be registered in the B2C tenant. – juunas Oct 12 '21 at 06:26
  • I suppose one way would be to make a second Azure AD app registration in the B2C tenant that is a "regular" multi-tenant registration. Then your API would need to support two different tokens, one from B2C and one from regular AAD. – juunas Oct 12 '21 at 06:27
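As an added illustration of the second approach raised in the comments (this is not code from the asker or the commenter): an API that accepts tokens from two authorities has to pin each trusted issuer to its own expected audience and its own key material, and reject anything else, rather than letting the token's `iss` claim decide where keys come from. The tenant names, tenant ids, app ids and the HS256 shared-secret signing below are constructed stand-ins; real Azure AD and B2C tokens are RS256-signed, so the per-issuer key table would become a per-issuer JWKS lookup and `EXPECTED_ALG` would be `RS256`. The issuer URL shapes (`https://{tenant}.b2clogin.com/{tid}/v2.0/` for B2C, `https://login.microsoftonline.com/{tid}/v2.0` for Azure AD v2 tokens) are the real ones, and for the multi-tenant registration the issuer is per home tenant, so the allowlist is the set of tenants that actually admin-consented.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed identifiers (not real tenants or app ids).
B2C_ISSUER = "https://contosob2c.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/"
B2C_AUDIENCE = "api-app-id-in-b2c-tenant"   # API registration in the B2C tenant
AAD_AUDIENCE = "api-app-id-in-aad-tenant"   # second, multi-tenant registration
AAD_ALLOWED_TENANTS = {"22222222-2222-2222-2222-222222222222"}  # tenants that admin-consented
AAD_ISSUER_PREFIX, AAD_ISSUER_SUFFIX = "https://login.microsoftonline.com/", "/v2.0"

# Demo-only HS256 secrets standing in for each authority's RS256 signing keys.
# With real tokens this becomes "issuer -> JWKS endpoint" and EXPECTED_ALG = "RS256".
ISSUER_KEYS = {"b2c": b"b2c-demo-secret", "aad": b"aad-demo-secret"}
EXPECTED_ALG = "HS256"


class TokenRejected(Exception):
    pass


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def aad_issuer(tid):
    return AAD_ISSUER_PREFIX + tid + AAD_ISSUER_SUFFIX


def resolve_issuer(iss):
    """Map the iss claim onto a trusted authority: (kind, expected_audience, tenant_id).

    The issuer is matched against a fixed allowlist and never used to build a key
    URL dynamically, which is what would let an attacker point the API at their keys."""
    if iss == B2C_ISSUER:
        return "b2c", B2C_AUDIENCE, None
    if iss.startswith(AAD_ISSUER_PREFIX) and iss.endswith(AAD_ISSUER_SUFFIX):
        tid = iss[len(AAD_ISSUER_PREFIX):-len(AAD_ISSUER_SUFFIX)]
        if tid in AAD_ALLOWED_TENANTS:
            return "aad", AAD_AUDIENCE, tid
    raise TokenRejected("untrusted issuer: " + iss)


def validate_token(token, required_scope, now=None):
    """Validate a bearer token from either authority; returns (kind, claims) or raises."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    if header.get("alg") != EXPECTED_ALG:  # never let the token choose the algorithm
        raise TokenRejected("unexpected alg")
    kind, audience, tid = resolve_issuer(str(claims.get("iss", "")))
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = hmac.new(ISSUER_KEYS[kind], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise TokenRejected("bad signature")
    if claims.get("aud") != audience:  # audience is pinned per issuer, not global
        raise TokenRejected("wrong audience for issuer " + kind)
    if tid is not None and claims.get("tid") != tid:  # tid must agree with the issuer
        raise TokenRejected("tid does not match issuer")
    if claims.get("nbf", 0) > now or claims.get("exp", 0) <= now:
        raise TokenRejected("token not yet valid or expired")
    if required_scope not in str(claims.get("scp", "")).split():
        raise TokenRejected("missing scope " + required_scope)
    return kind, claims


def make_token(kind, claims):
    """Build a constructed HS256 test token; real tokens are minted by the IdP."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(ISSUER_KEYS[kind], (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    return header_b64 + "." + payload_b64 + "." + b64url_encode(sig)


NOW = 1_700_000_000
GOOD_TID = "22222222-2222-2222-2222-222222222222"
ROGUE_TID = "33333333-3333-3333-3333-333333333333"  # tenant that never admin-consented


def demo():
    """Run constructed tokens through the validator; returns {case: outcome}."""
    cases = {
        "good_b2c": make_token("b2c", {"iss": B2C_ISSUER, "aud": B2C_AUDIENCE,
                                       "sub": "u1", "scp": "Read", "exp": NOW + 600}),
        "good_aad": make_token("aad", {"iss": aad_issuer(GOOD_TID), "aud": AAD_AUDIENCE,
                                       "tid": GOOD_TID, "sub": "u2", "scp": "Read Write", "exp": NOW + 600}),
        # Valid Azure AD shape, but from a tenant outside the allowlist.
        "rogue_tenant": make_token("aad", {"iss": aad_issuer(ROGUE_TID), "aud": AAD_AUDIENCE,
                                           "tid": ROGUE_TID, "sub": "u3", "scp": "Read", "exp": NOW + 600}),
        # Genuinely issued by B2C but carrying the AAD registration's audience (cross-issuer confusion).
        "wrong_aud": make_token("b2c", {"iss": B2C_ISSUER, "aud": AAD_AUDIENCE,
                                        "sub": "u4", "scp": "Read", "exp": NOW + 600}),
    }
    results = {}
    for name, tok in cases.items():
        try:
            kind, _ = validate_token(tok, "Read", now=NOW)
            results[name] = "accepted:" + kind
        except TokenRejected as e:
            results[name] = "rejected:" + str(e)
    return results
```

The two accepted cases show the API serving both token types; the two rejected cases are the ones a single-issuer validator that merely "trusts `iss`" would get wrong: a token from a tenant that never consented, and a B2C token replayed against the audience of the other registration.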
