I'm trying to create an application in a microservices architecture. I'm currently trying to figure out the authentication and authorization part. I've done some research and opted for Azure AD B2C as the identity provider.
What I want right now is a way to create users within my Azure AD B2C through a REST API that I will expose to my clients (web applications and mobile clients). I've been exploring the Azure AD B2C documentation (https://learn.microsoft.com/en-us/azure/active-directory-b2c/) for some time now, and even the Azure AD B2C interface, but all the information regarding sign-in and sign-up that I was able to find is related to allowing users to perform these actions via a customisable page with company branding.
That's not what I need. I want to expose several services behind an API gateway and allow my client applications to perform the creation and management of my users. I want my mobile team to be able to call my API, register a user, perform sign-in, and be able to access the other business-related services without even knowing whether I'm using Azure AD B2C or not. But so far I wasn't able to find any Azure AD B2C API that will allow me to do that. Can I achieve that with Microsoft Azure AD B2C, or should I start looking into other cloud identity providers?
If you want to manage Azure AD B2C users with a REST API, you can use the Microsoft Graph API to implement it. For more details, please refer to the documentation.
For example:

1. Register an application
2. Grant API permissions
3. Create a client secret
4. Get an access token

```http
POST https://login.microsoftonline.com/<your b2c tenant name>/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<your sp appId>
&client_secret=<your sp password>
&scope=https://graph.microsoft.com/.default
```

5. Create the user
```http
POST https://graph.microsoft.com/v1.0/users
Content-Type: application/json
Authorization: Bearer <access_token>

{
  "displayName": "[TEST] Bridgette Harmon (Local account)",
  "givenName": "Bridgette",
  "surname": "Harmon",
  "identities": [
    {
      "signInType": "userName",
      "issuer": "<your b2c tenant>",
      "issuerAssignedId": "Bridgette"
    }
  ],
  "passwordProfile": {
    "password": "password-value",
    "forceChangePasswordNextSignIn": false
  }
}
```
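The two requests above, wired together as a small Python script (an added example, not code from the answer or from Microsoft). It obtains an app-only token with the client-credentials grant and then calls `POST /v1.0/users` to create a B2C local account with a `userName` identity. The request builders are separated from the HTTP sending so they can be checked without network access; the environment variable names (`B2C_TENANT`, `B2C_CLIENT_ID`, `B2C_CLIENT_SECRET`, `B2C_NEW_USER_PASSWORD`) and the tenant value `contoso.onmicrosoft.com` are assumptions chosen for the example, and the script refuses to embed the client secret or the new user's password in source.

```python
"""Create an Azure AD B2C local account through Microsoft Graph.

Added example reproducing the answer's flow: client-credentials token,
then POST /v1.0/users. Secrets are read from environment variables
(names assumed for this example) rather than hard-coded.
"""
import json
import os
import urllib.parse
import urllib.request

LOGIN_BASE = "https://login.microsoftonline.com"
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant: str, client_id: str, client_secret: str):
    """Return (url, form-encoded body) for the client-credentials grant."""
    if not tenant or not client_id or not client_secret:
        raise ValueError("tenant, client_id and client_secret are all required")
    url = f"{LOGIN_BASE}/{tenant}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,  # uses the application permissions granted in the portal
    }).encode()
    return url, body


def parse_token_response(raw: bytes) -> str:
    """Extract the bearer token; fail loudly on an error or an unexpected shape."""
    data = json.loads(raw)
    if "error" in data:
        raise RuntimeError(f"token endpoint error: {data.get('error_description', data['error'])}")
    if data.get("token_type") != "Bearer" or not data.get("access_token"):
        raise ValueError("token response did not contain a Bearer access_token")
    return data["access_token"]


def build_create_user_request(access_token, tenant, display_name, given_name,
                              surname, username, password):
    """Return (url, headers, JSON payload) for POST /v1.0/users."""
    if not password:
        raise ValueError("refusing to create a local account with an empty password")
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {access_token}",
    }
    payload = {
        "displayName": display_name,
        "givenName": given_name,
        "surname": surname,
        "identities": [{
            "signInType": "userName",
            "issuer": tenant,            # e.g. contoso.onmicrosoft.com (assumed value)
            "issuerAssignedId": username,
        }],
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": False,
        },
    }
    return GRAPH_USERS, headers, payload


def _post(url: str, body: bytes, headers=None) -> bytes:
    """Send one POST and return the raw response body (network access required)."""
    req = urllib.request.Request(url, data=body, headers=headers or {}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def create_local_account(display_name, given_name, surname, username, password):
    """Run the full flow against the real endpoints; returns the new user's object id."""
    tenant = os.environ["B2C_TENANT"]            # assumed variable names
    client_id = os.environ["B2C_CLIENT_ID"]
    client_secret = os.environ["B2C_CLIENT_SECRET"]

    token_url, token_body = build_token_request(tenant, client_id, client_secret)
    token = parse_token_response(_post(
        token_url, token_body, {"Content-Type": "application/x-www-form-urlencoded"}))
    url, headers, payload = build_create_user_request(
        token, tenant, display_name, given_name, surname, username, password)
    created = json.loads(_post(url, json.dumps(payload).encode(), headers))
    return created.get("id")


if __name__ == "__main__":
    print(create_local_account("[TEST] Bridgette Harmon (Local account)",
                               "Bridgette", "Harmon", "Bridgette",
                               os.environ["B2C_NEW_USER_PASSWORD"]))
```

Because the token is obtained with the client-credentials grant, whichever service holds `B2C_CLIENT_SECRET` can create and modify any user in the tenant; keep that call behind your API gateway on the server side and never hand the secret to the web or mobile clients.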