❔ Question about Azure AD B2C and Front-End Authentication via API
Hey everyone! I've got a question about Azure AD B2C. After someone signs up using the "RegisterPortalUser" API function as a non-auth user, how do we make sure they're auto logged in on the website through an API? We are using Azure AD B2C for this, but we're not sure how to get it done. Any ideas?
3 Replies
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.
When you're working with Azure AD B2C and you want a user to be automatically signed in after they register, you typically need to follow these steps:

1. Complete the Sign-Up Process: When a user completes the registration process using the "RegisterPortalUser" API, they should be created as a new user in your Azure AD B2C tenant.
2. Acquire a Token: After the user is registered, you need to acquire a token on behalf of the user. This usually involves making a request to the Azure AD B2C token endpoint with the proper credentials that the user just registered with.
3. Use the Token for Authentication: Once you have the token, you can use it to authenticate the user on your website. This typically involves setting the token in the browser as a cookie or in the local/session storage and then configuring your web application to recognize this token and consider the user as logged in.

A high-level view of how you might do that:

1. Register the User: Use the "RegisterPortalUser" API to create the user in Azure AD B2C.
2. Get an Authorization Code: As part of the registration process, you can often redirect the user to a login flow that includes the prompt=login parameter, which will force the user to enter their credentials even if they have a session already. Since the user has just registered, they can input their credentials to get an authorization code without additional interaction.
3. Exchange the Authorization Code for a Token: Make a POST request to the token endpoint of your Azure AD B2C tenant to exchange the authorization code for an ID token and/or access token.
4. Set the Token in the User's Session: Use the token to create a session for the user in your application.
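The authorization-code steps in the reply above, sketched as an added example (not code from the thread or from any project): it builds the authorize redirect with state, nonce and PKCE, checks the callback, and prepares the token-endpoint POST. The tenant name, user flow name, client ID and redirect URI are placeholders, and keeping tokens in a server-side session behind an opaque cookie is this example's own assumption.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders assumed for this example; none of these values come from the thread.
TENANT = "contoso"                       # hypothetical B2C tenant name
POLICY = "B2C_1_signupsignin"            # hypothetical user flow (policy) name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"
SCOPE = "openid offline_access"
BASE = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/{POLICY}/oauth2/v2.0"

def pkce_challenge(verifier):
    """S256 PKCE challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def begin_login():
    """Return (authorize_url, pending); keep `pending` server-side until the callback."""
    pending = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32),
               "verifier": secrets.token_urlsafe(64)}
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code", "response_mode": "query",
        "redirect_uri": REDIRECT_URI, "scope": SCOPE, "prompt": "login",
        "state": pending["state"], "nonce": pending["nonce"],
        "code_challenge": pkce_challenge(pending["verifier"]),
        "code_challenge_method": "S256"})
    return f"{BASE}/authorize?{query}", pending

def token_request(callback_url, pending):
    """Check the redirect, then return (token_url, form) for the code-exchange POST."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0].encode()
    if not hmac.compare_digest(state, pending["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    form = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": params["code"][0], "redirect_uri": REDIRECT_URI,
            "scope": SCOPE, "code_verifier": pending["verifier"]}
    return f"{BASE}/token", form

def session_cookie(session_id):
    """Opaque session id for the browser; tokens stay in the server-side session."""
    # Before issuing this, validate the ID token: signature, issuer, audience,
    # expiry, and that its nonce equals pending["nonce"].
    return f"__Host-session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

The form returned by token_request is sent as application/x-www-form-urlencoded to the returned URL; a confidential web app also authenticates itself to the token endpoint with its client secret.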
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.