We've created a website which uses ADB2C for authentication. We've used custom policies to define auth flows such as SignUpSignIn, PasswordReset etc.
We need to support the use case where a user might not have JavaScript enabled. I see that some identity providers do this (Facebook, Amazon).
What options are there for providing no-js authentication flows using ADB2C?
We've been looking at this, which makes use of some logic in the web application, a self issued JWT and some clever custom policies and technical profiles. It looks promising. Are there any other ways to achieve a no-js authentication experience with ADB2C?
CodePudding user response:
You could build a site that provides pages to B2C using OpenID Connect.
Instead of B2C showing a self asserted page it would redirect to your site using OpenID Connect, your site would show the UI and then return a token to B2C containing the captured data, B2C would then use that data and produce its own token back to the relying party.
As far as I know there's currently no way to run a B2C self asserted page without JavaScript due to the way the page loads its content.
CodePudding user response:
I don't think without JavaScript enabled in browser, user flow or custom policy will work. If JavaScript is disabled, then may using ROPC flow will help you to achieve the use cases, but before choosing ROPC please read the article and make a decision. ROPC work only with Local accounts