I was wondering if anyone has some real-life information on Azure B2C performance in production with thousands of customers registered. We got a task to create a new system based on an old one which contains 100 000 customer profiles. As such we would like to use B2C to store and query profile data.
How is the B2C performance for up to 100 000 profiles when it comes to:
- JWT-token generation and validation
- Using graph api to filter on built-in and extended fields (especially string filtering like startsWith)
If the filtering performance is poor for so many profiles, is there a way to increase it? Like a way to group profiles via some tag info or similar?
CodePudding user response:
I don't have a bench, but for sure you should check the service limits here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/service-limits.
Those for sure would impact the "JWT Generation" since this happens inside a user journey and every interaction with the underlying tenant counts as a request. The "JWT Generation" performance could also vary depending on your user journey complexity: if you are using the Identity Experience Framework to create a custom User Journey, every Orchestration Step will take time to execute so your users will wait for the journey to complete prior to getting a token. So more Orchestration Steps equals more waiting time, especially if you use Restful Technical Profiles which involve third-party services.
I don't get the "JWT Validation" part: AAD B2C doesn't validate your JWTs, it just issues them. Your application or API should validate them.
About the Graph API queries, the performance is usually good. You're using the underlying AAD tenant, which is an enterprise-grade service, so such queries are pretty common. Double-check that the fields you want to filter on support the function you want to use, since not all fields support all the functions. Also keep in mind that even the Microsoft Graph API has limits: https://docs.microsoft.com/en-us/graph/throttling.
If you plan to use your AAD B2C tenant as a database and continuously query it for extracting info, probably you're using it wrong.
Regards, F.
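A small Python helper, added here and not taken from either answer, that builds the Graph `startsWith` filter the question asks about and follows `@odata.nextLink` paging while honoring `Retry-After` on 429 throttling responses (the Graph throttling limits the answer links to). The `send` callback, the `constructed_send` stand-in data and the `extension_<APP_ID_PLACEHOLDER>_...` attribute name are assumptions, not values from this page.

```python
import time
import urllib.parse

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

def build_users_query(prefix, field="displayName", select=("id", "displayName"), top=50):
    """Graph /users URL with a startsWith filter on a built-in or extension field.
    `field` may be a B2C extension attribute, e.g. 'extension_<APP_ID_PLACEHOLDER>_LoyaltyTier'
    (placeholder, not a real id). Single quotes in the prefix are doubled per OData rules."""
    literal = prefix.replace("'", "''")
    params = {"$filter": f"startsWith({field},'{literal}')",
              "$select": ",".join(select), "$top": str(top)}
    return GRAPH_USERS + "?" + urllib.parse.urlencode(params)

def fetch_all_users(url, send, max_retries=5):
    """Follow @odata.nextLink pages; on 429 wait Retry-After seconds and retry.
    `send(url)` -> (status, headers, json_body) is an assumed callback so the
    logic runs offline; in production it wraps an authenticated GET."""
    users, retries = [], 0
    while url:
        status, headers, body = send(url)
        if status == 429:  # Graph throttling: honor the server-chosen delay
            if retries >= max_retries:
                raise RuntimeError(f"still throttled after {max_retries} retries")
            time.sleep(float(headers.get("Retry-After", "1")))
            retries += 1
            continue
        if status != 200:
            raise RuntimeError(f"Graph returned HTTP {status}")
        retries = 0
        users.extend(body.get("value", []))
        url = body.get("@odata.nextLink")  # absent on the last page
    return users

def constructed_send():
    """Constructed stand-in for Graph: one throttled reply, then two result pages."""
    calls = []
    def send(url):
        calls.append(url)
        if len(calls) == 1:
            return 429, {"Retry-After": "0"}, {}
        if len(calls) == 2:
            return 200, {}, {"value": [{"id": "u1", "displayName": "Alice"}],
                             "@odata.nextLink": GRAPH_USERS + "?$skiptoken=X"}
        return 200, {}, {"value": [{"id": "u2", "displayName": "Alicia"}]}
    return send
```

Running `fetch_all_users(build_users_query("Ali"), constructed_send())` returns both constructed users after one throttled retry; swap `constructed_send()` for a real authenticated GET wrapper to use it against a tenant.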
CodePudding user response:
Have a look at Azure Active Directory B2C service limits and restrictions.
The following end-user related service limits apply to all authentication and authorization protocols supported by Azure AD B2C, including SAML, Open ID Connect, OAuth2, and ROPC.
| Category | Limit |
| --- | --- |
| Number of requests per IP address per Azure AD B2C tenant | 6,000/5min |
| Total number of requests per Azure AD B2C tenant | 12,000/min |

The number of requests can vary depending on the number of directory reads and writes that occur during the Azure AD B2C user journey. For example, a simple sign-in journey that reads from the directory consists of 1 request. If the sign-in journey must also update the directory, this operation is counted as an additional request.
EDIT:
Also, see this:
Azure AD B2C is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks.
This quote, taken from What is Azure Active Directory B2C?, shows us two things:
- Performance shouldn't be an issue
- AAD B2C is an identity solution, not a user profile solution