The following describes some techniques, tools and approaches I found useful when developing applications with Azure AD B2C. The first part deals with setting up a newly created B2C tenant using the Azure portal only. The second part deals with developing custom journey (Identity Experience Framework) XML policies.
- Register a “Token Viewer” application, which can be used to view the results of journeys. I use “https://oidcdebugger.com/debug” as the reply URL and enable both ID and access tokens for the implicit flow. This will later allow you to run default and custom journeys from the portal and see the results in the nice UI provided by that app.
- Add a new user (Create user option) for use with the Microsoft Graph Explorer. It must be a user with the B2C tenant’s onmicrosoft.com domain, because the Explorer uses the user’s domain to determine which B2C tenant to operate on. You may also want to give this user elevated privileges if you are planning to use Graph for more than just basic functions.
- Invite the users who will be involved in managing this tenant and the artifacts applications need: application registrations, user flows, custom journeys and similar. Use the Invite User option in the Users tab.
Custom journey development
- To use Identity Experience Framework custom journeys, the Azure B2C tenant needs some additional setup. You can do it as per these instructions, or you can use my helper web application to accomplish it. The latter is a multi-tenant Azure AD application. It requires that you sign in with an identity created as above in your B2C tenant that has enough privilege to manage keys and IEF policies (I use a global admin, but you can do it with less privilege). Note that when it completes, you will need to click on a link, which will allow you to grant consent to the required IEF apps.
- Clone the starter policies.
- Use VS Code and install the B2C Extensions in it to develop your XML policies. These tools make navigating between the various elements in your policies much, much easier.
- Set up your AppInsights service for debugging custom policies. I keep an XML snippet which includes the instrumentation key around so that I can later add it to my relying party files when I need to debug them (pray that you will never need to get into that!).
- At the same time, configure the settings of the B2C Extensions in VS Code with the appropriate AppInsights values. It will make your debugging experience much simpler!
- The B2C Extensions for VS Code include functionality for uploading your XML policies.
- Alternatively, consider using the IEF upload/download scripts. This PowerShell script will automatically replace placeholders already used in the Starter Pack (e.g. ‘yourtenant’ and the IEF app ids) with values specific to your tenant. You can also add your own placeholders and provide their values in a conf.json file to make it easier to deploy the same policies to multiple tenants (dev, qa and prod, for example).
- Become familiar with the contents of the B2C Community GitHub repo. Note in particular the sample policies – they are a great resource both for learning IEF and for enhancing your own user journeys.
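The AppInsights snippet for a relying party file (the JourneyInsights element) and the per-environment placeholder replacement from the upload scripts, shown together in one added example; this is Python written for this note, not code from the post or from the IEF scripts. The `{Settings:...}` placeholder syntax, the conf.json layout, the tenant names and the instrumentation keys are assumptions, and the policy fragment is constructed.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed relying-party file in Starter Pack style. 'yourtenant' is
# the pack's own placeholder; {Settings:AppInsightsKey} is an assumed placeholder for the
# JourneyInsights instrumentation key (the AppInsights debug snippet described above).
SAMPLE_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com"
    PolicyId="B2C_1A_signup_signin"
    PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>
  <RelyingParty>
    <UserJourneyBehaviors>
      <JourneyInsights TelemetryEngine="ApplicationInsights"
          InstrumentationKey="{Settings:AppInsightsKey}" DeveloperMode="true"
          ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
    </UserJourneyBehaviors>
  </RelyingParty>
</TrustFrameworkPolicy>
"""

# Constructed conf.json: one value set per environment (assumed layout, dummy keys).
CONF_JSON = """{
  "dev":  {"yourtenant": "contosodev", "AppInsightsKey": "11111111-1111-1111-1111-111111111111"},
  "prod": {"yourtenant": "contoso",    "AppInsightsKey": "22222222-2222-2222-2222-222222222222"}
}"""

PLACEHOLDER = re.compile(r"\{Settings:(\w+)\}")

def render_policy(policy_xml: str, conf_json: str, env: str) -> str:
    """Fill tenant and {Settings:...} placeholders for one env; fail on leftovers or bad XML."""
    values = json.loads(conf_json)[env]
    out = policy_xml.replace("yourtenant", values.get("yourtenant", "yourtenant"))
    out = PLACEHOLDER.sub(lambda m: values.get(m.group(1), m.group(0)), out)
    leftover = PLACEHOLDER.findall(out) + (["yourtenant"] if "yourtenant" in out else [])
    if leftover:  # never upload a half-configured policy to the tenant
        raise ValueError(f"unresolved placeholders: {leftover}")
    ET.fromstring(out.encode("utf-8"))  # raises ParseError if the XML is malformed
    return out

def policy_tenant(policy_xml: str) -> str:
    """Return the TenantId attribute of a (rendered) policy's root element."""
    return ET.fromstring(policy_xml.encode("utf-8")).attrib["TenantId"]
```

Rendering with an environment whose conf.json entry lacks a value leaves the placeholder in place and raises, which is the case worth catching before a policy is uploaded.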