I have set up B2C Azure Authentication for my Azure Function; it works fine and looks like this:
It works well, users can log in and call the APIs, all fine!
Now I want to call the same APIs from some other web API. I implemented it with client_credentials, i.e. I call https://login.microsoftonline.com/<b2c>.onmicrosoft.com/oauth2/v2.0/token with the client id and secret and get a token.
The API response fails with 401 You do not have permission to view this directory or page. I found out it's because the issuer is different (obviously): if I call the API from a logged-in user, the issuer is https://<b2c>.b2clogin.com/<tenant id>/v2.0/, whereas in the client credentials flow the issuer is https://login.microsoftonline.com/<tenant id>/v2.0.
So I changed my settings like so:
Now the call from the external web app doesn't fail. But it fails for users that logged in via the B2C flow!
How can I configure the Issuer URL so that it works in both flows: when a user signs in via the B2C sign-in/sign-up flow, and when the external API calls with the client credentials flow?
There is a sample here.
This api allows tokens from two different issuers.
You can’t achieve this with the Authentication options in the Azure Portal as it only allows one issuer.
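Since the Portal setting takes a single issuer, accepting both has to be done in code. The following is an added illustration (not the sample the answer refers to) of the usual ASP.NET Core pattern: a policy scheme reads the unvalidated `iss` claim of the bearer token and forwards the request to one of two JwtBearer handlers, each with its own authority (and therefore its own signing keys). The authority strings, the B2C policy name and the API client id are placeholders to be replaced with the real tenant values.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

public static class MultiIssuerAuth
{
    // Placeholders: substitute the real B2C tenant, user-flow (policy) name, tenant id and API client id.
    const string B2cAuthority = "https://<b2c>.b2clogin.com/<b2c>.onmicrosoft.com/<policy>/v2.0";
    const string AadAuthority = "https://login.microsoftonline.com/<tenant id>/v2.0";
    const string ApiClientId  = "<api app (client) id>";

    public static IServiceCollection AddMultiIssuerAuth(this IServiceCollection services)
    {
        services.AddAuthentication("MultiIssuer")
            // Policy scheme: pick the JwtBearer scheme from the token's issuer, then let that
            // scheme do the real validation (signature, audience, lifetime) against its authority.
            .AddPolicyScheme("MultiIssuer", "B2C user token or AAD client-credentials token", options =>
            {
                options.ForwardDefaultSelector = context =>
                {
                    string? header = context.Request.Headers.Authorization.FirstOrDefault();
                    if (header is null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                        return "B2C"; // no token: the B2C handler issues the 401 challenge
                    try
                    {
                        // ReadJwtToken only parses; it does NOT verify the signature. The selected
                        // handler performs the verification, so a forged "iss" buys the caller nothing.
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(header["Bearer ".Length..].Trim());
                        return jwt.Issuer.StartsWith("https://login.microsoftonline.com/") ? "Aad" : "B2C";
                    }
                    catch (ArgumentException)
                    {
                        return "B2C"; // malformed token: fall through to a handler that will reject it
                    }
                };
            })
            .AddJwtBearer("B2C", options =>
            {
                options.Authority = B2cAuthority; // metadata and JWKS come from b2clogin.com
                options.Audience = ApiClientId;
            })
            .AddJwtBearer("Aad", options =>
            {
                options.Authority = AadAuthority; // metadata and JWKS come from login.microsoftonline.com
                options.Audience = ApiClientId;
            });
        return services;
    }
}
```

Register it with `builder.Services.AddMultiIssuerAuth();` and keep `app.UseAuthentication(); app.UseAuthorization();` in the pipeline; each issuer's token is validated only against that issuer's keys and audience.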