unifying azure ad and azure b2c tokens

Emil Skov Rasmussen 20 Reputation points
2024-12-17T14:13:32.34+00:00

Hi

I have a setup where internal apps do some processing.
i have customer facing frontends that connect to the internal apps.
i have apps only facing internal employees that connect to the internal apps.

currently the internal apps validate both azure b2c and azure ad tokens, depending on the method of entrance.
is it possible to have those token types unified in to a single token types so i dont need 2 different validators at the internal app level?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,985 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,875 questions
0 comments No comments
{count} votes

Accepted answer
  1. James Hamil 26,881 Reputation points Microsoft Employee
    2024-12-18T00:22:26.23+00:00

    Hi @Emil Skov Rasmussen , both Azure AD B2C and Azure AD use JSON web tokens (JWTs) that contain assertions of information about the bearer and the subject of the token. However, the tokens used in Azure AD B2C and Azure AD are different and cannot be unified into a single token type.

    Azure AD B2C emits different types of security tokens as it processes each authentication flow. The ID token is a JWT that contains claims that you can use to identify users in your application. This token is securely sent in HTTP requests for communication between two components of the same application or service. You can use the claims in an ID token as you see fit. They're commonly used to display account information or to make access control decisions in an application.

    On the other hand, Azure AD issues different types of tokens depending on the authentication flow used. The most common tokens are the ID token, access token, and refresh token. The ID token is a JWT that contains claims about the authenticated user, such as their name, email, and unique identifier. The access token is a JWT that contains the permissions granted to the authenticated user, and it is used to access protected resources. The refresh token is used to obtain a new access token when the current one expires.

    You can consider using a single authentication flow for both internal and external users to simplify the validation process at the internal app level.

    For example, you can use the OpenID Connect (OIDC) authentication flow, which is supported by both Azure AD B2C and Azure AD: https://zcusa.951200.xyz/en-us/entra/architecture/auth-oidc

    You can also look into B2C federation: https://zcusa.951200.xyz/en-us/entra/external-id/customers/how-to-b2c-federation-customers

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.