Setting up for Azure B2C development

Note: updated to use the newer IEFPolicies PowerShell module (Sep 2021) Mar 2022: Added SAML-related tools The following describes some techniques, tools and approaches I found useful when developing applications with Azure AD B2C. The first part deals with setting up a newly created B2C tenant using the Azure portal only. The second part deals […]

Choosing the OAuth2 grant flow

The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from the security point of view) way of obtaining access or (for OIDC) id_tokens given the circumstances of the client application. This blog summarizes the questions that the implementer of the OAuth2 client application needs to ask and how […]

Federation patterns using Azure AD

Objectives This post considers scenarios where an application needs to be accessed by users from many sources of authentication. (Office 365, owned and operated by Microsoft but whose use is managed separately by many independent organizations is an example of such a resource). It proposes a framework for determining an optimal solution for the application […]

Developing an Azure AD B2C multi-tenant application

The ‘regular’ Azure AD has build-in support for multi-tenant applications. In that case, a user from any Azure AD tenant can sign in to an application registered in another tenant. The application can then use the user’s security context to give the user a view of data that is specific to that tenant. The goal […]

Claims augmentation with OWIN but outside of Startup code

Claims list included in the ClaimsPrincipal¬†usually originate from the security token¬†received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token). ¬†However, sometimes there is a need to modify that list with claims derived from other sources: Attributes retrieved from custom databases Attributes not initially included […]