
Azure AD B2C User Account Management from JavaScript Clients

I used this dotnetcore sample, ms-identity-dotnetcore-b2c-account-management, to get all the users from an AD B2C directory.

Can this be achieved from a JavaScript client like Angular using some API? I'm trying not to use an Azure Function with the SDK code but directly call any existing Azure service from the Angular application itself to get the users.

UPDATE:

I used

    "@azure/msal-angular": "^2.0.0-alpha.0",
    "@azure/msal-browser": "^2.7.0"

and can log in and log out from Azure AD B2C.

But the login requires a username and password. I can't get all the users in the B2C directory with the token that I get after login. I get an authentication failed error.

I think my app needs to access the B2C directory without login and password by following the instructions here: https://docs.microsoft.com/en-us/graph/auth-v2-service . This is for Background services (daemons) applications. Now I have to use two libraries to get tokens (one to login and one to get the users).

I'm confused by a few different libraries also:

https://developer.microsoft.com/en-us/graph/get-started/angular

https://docs.microsoft.com/en-us/graph/sdks/sdk-installation#install-the-microsoft-graph-javascript-sdk

https://docs.microsoft.com/en-us/graph/toolkit/get-started/use-toolkit-with-angular

  1. Can I achieve the login as well as reading the users with a single library @azure/msal-angular and the same token?
  2. Can I read the users only using Background services (daemons) flow only and not by "@azure/msal-angular": "^2.0.0-alpha.0"?

As you can see from the title, Azure AD B2C user account management with .NET Core and Microsoft Graph, it calls Microsoft Graph API.

Microsoft Graph provides the JavaScript SDK.

You can refer to this example to list the Azure AD B2C users.

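    import { Client } from "@microsoft/microsoft-graph-client";

    // authProvider supplies the access token for Microsoft Graph (defined elsewhere)
    const options = {
        authProvider,
    };

    const client = Client.init(options);

    // List the users in the directory
    let res = await client.api('/users')
        .get();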

An Angular sample for your reference.

  1. You can use the same app (website) to “read users” via graph and login via an AAD B2C user flow. These are not the same tokens, they are acquired from different token issuers - AAD/AAD B2C. MSAL supports both token endpoints. What you're asking to do doesn't make much sense. A user read op is usually server side (AAD token endpoint/Graph API/client_credential). A user login is client side (AAD B2C authorise endpoint/Your API/Auth Code). This means a user who logs in via AAD B2C cannot call Graph API. Read for more info - https://github.com/MicrosoftDocs/azure-docs/issues/56756#issuecomment-652903203

  2. Sure, just follow an Azure AD guide for Graph API access. Yes it works in AAD B2C directories. https://docs.microsoft.com/en-us/graph/tutorials/node
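
The server-side user read described in the answer above (AAD token endpoint, client credentials, Graph API), as an added example that is not part of the original answers or of any Microsoft sample. It assumes an app registration in the B2C tenant that has been granted the Graph application permission `User.Read.All`; the function names and the shape of `cfg` are hypothetical, and tenant, client id and secret are values you supply.

```javascript
// Added example. Runs server-side (Node 18+, global fetch), never in the browser:
// the client secret below must not ship inside an Angular bundle.
const GRAPH = "https://graph.microsoft.com";

// Build the client-credentials token request for the Azure AD (not B2C) endpoint.
function buildTokenRequest(tenantId, clientId, clientSecret) {
  if (!/^[0-9a-zA-Z.-]+$/.test(tenantId)) throw new Error("invalid tenant id");
  return {
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        client_id: clientId,
        client_secret: clientSecret,
        scope: `${GRAPH}/.default`, // application permissions granted to the app
      }).toString(),
    },
  };
}

// Exchange the app's credentials for a Graph access token.
async function getAppToken(cfg, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(cfg.tenantId, cfg.clientId, cfg.clientSecret);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token;
}

// List users, following @odata.nextLink paging, returning only id and displayName.
async function listUsers(token, fetchImpl = fetch) {
  const users = [];
  let url = `${GRAPH}/v1.0/users?$select=id,displayName`;
  while (url) {
    // Only ever send the bearer token to the Graph origin.
    if (new URL(url).origin !== GRAPH) throw new Error("unexpected nextLink host");
    const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
    if (!res.ok) throw new Error(`Graph request failed: ${res.status}`);
    const page = await res.json();
    users.push(...page.value.map(({ id, displayName }) => ({ id, displayName })));
    url = page["@odata.nextLink"];
  }
  return users;
}
```

The Angular app would call an endpoint of your own API that wraps `listUsers`, authorised with the B2C login token, so the Graph token and the client secret stay on the server.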
