I'm investigating Azure AD B2C as a possible auth service, which we want to use for user management and authentication. We have a web application, Web API which we can easily integrate with AAD B2C and migrate our current authentication and user management.

However, I did not find any solution how to authenticate mobile applications and integrate it with azuere ad b2c. Our mobile app communicates also with web api but it does not need any user login. These applications are tied to a tenant and every mobile app instance has an API key that is used to authenticate the mobile app on the backend.

Is it possible with azure ad b2c to achieve that kind of authentication, that we will generate API keys for our mobile apps and will use the same ad in azure like the normal users? Is possible with azure ad b2c or we should use another azure service?

What are the best practices in this area? It is similar to the backend to backend communication where API keys are used. Thx.

CodePudding user response：

The normal way for such a scenario would be to use the client credentials flow, where you use your ClientID ClientSecret for a silent login in order to get a non-personalized AccessToken. Although it seems that this type of flow is currently not supported by AD B2C. Have a look here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/application-types#current-limitations

As an alternative, that page is refering to the client credentials flow of the Microsoft Identity Platform (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow). I guess it now depends on the detailed requirements of your application whether it could be an option for you to use.