1

Is there a way to programmatically authenticate and get the tokens without having to login into an interface. We plan to consume our API from a process, and not from the use case in which a user authenticates first via a login screen. How do we accomplish this task?

Out API is deployed as a AppService in Azure. We are using AZ B2C to integrate authentication. We also added a policy in APIM to require a JWT token.

Thank you for any help

Pedro Reinoso
  • 91
  • 1
  • 4

3 Answers3

1

There are App tokens and user tokens. What you are looking for is for an app token.

Use postman with B2C client ID, client secret, grant type.. and Post them against your B2C /token endpoint to get a valid id_token.

Juanma Feliu
  • 1,298
  • 4
  • 16
0

Yes, you can programmatically authenticate using the MSAL.NET library.

Check the "Console/Daemon App" section here:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/integrate-with-app-code-samples#consoledaemon-apps

https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management

You can also programmatically authenticate against Azure AD B2C using the OAuth 2.0 Resource Owner Password Credential (ROPC) B2C user flow. This is a recent addition.

You would pass your credentials in through a web request to the appropriate OAuth 2.0 endpoints. However, this is less desirable because you would have to write the web requests and also you would have to create a 'user' account that your app process would use to authenticate with.

See here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-user-flow

Ali Husain
  • 96
  • 5
0

Thank you Juanma and Ali for your suggestions. After several attempts to try to find a solution, I finally found an approach that will work for us. Juanma's comment pointed me in the right direction. Our API is hosted in Azure and we are using AD B2C to leverage authentication. To get the JWT token we are using the token endpoint with the client_credentials grant_type so no need for a user identity.

https://.b2clogin.com/.onmicrosoft.com//oauth2/v2.0/token

We then created a JWT policy in Azure API Management (APIM) to validate the token and grant access to our APIs.

Ali, I tried the daemon console app and struggled to make it work. Also, our clients are not Microsoft shops so I am not sure if they can use the MSAL.NET library from their non-Microsoft development environments. Is this possible?

Thank you for your help

Pedro

Pedro Reinoso
  • 91
  • 1
  • 4