1
votes

I have this scenario working properly on ADB2C following this tutorial; I can create users using ADAL (here is the context for the scenario).

My goal is to send a user invitation (email) to get him on board on my app.

I found that on graph.microsoft.com (the MS Graph and not the AD Graph) there is the invitation manager that can be used for that purpose, and maybe it is the way the invitation gets triggered if you create a user on the B2C Azure portal.

  • So do I need to give permissions to my app (the same way I did to get an access token on the AD Graph to manage users)?
  • Should I acquire the token on the MS Graph the same way I did for AD?

    var authenticationContext = new AuthenticationContext(AuthString, false);
    var clientCred = new ClientCredential(ClientId, ClientSecret);
    var authenticationResult = authenticationContext.AcquireTokenAsync(ResourceUrl, clientCred);
    var token = authenticationResult.Result.AccessToken;

    Where this time ResourceUrl points to https://graph.microsoft.com

Here is my OwinOpenID AuthenticationCodeReceived callback:

    AuthorizationCodeReceived = async (context) =>
    {
        // get authentication context
        string userObjectID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
        AuthenticationContext authContext = new AuthenticationContext($"https://login.microsoftonline.com/{AuthenticationHelper.Tenant}", new NaiveSessionCache(userObjectID));

        ClientCredential credential = new ClientCredential(AuthenticationHelper.ClientId, AuthenticationHelper.AppKey);
        AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.windows.net", credential);
        // ----> Token used on the authorization header for AD user management and work properly
        AuthenticationHelper.Token = result.AccessToken;

        // Token for MS graph
        ClientCredential MSCredential = new ClientCredential(AuthenticationHelper.MSClientId, AuthenticationHelper.MSAppKey);
        AuthenticationResult resultMSGraph = await authContext.AcquireTokenAsync("https://graph.microsoft.com", MSCredential);
        // ----> Token used on the authorization header for MS Graph and is not working !!
        AuthenticationHelper.MSGraphToken = resultMSGraph.AccessToken;
    },

Thanks for your help


1 Answers

7
votes

The invitation manager API on the Microsoft Graph is not supported for Azure AD B2C. At this time, the invitation manager API is intended for enterprise/regular Azure AD tenants to invite other users as guests (see Azure AD B2B Collaboration).

There is already an entry in the Azure AD B2C UserVoice forum asking for the ability to send email invitations for new users to sign up. I'd recommend you vote for this entry to help us prioritize it and also to stay up to date on its progress.

In the interim, you'll have to implement this yourself, either a simple welcome email or a more complex "redeem code" workflow.
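The "redeem code" workflow the answer suggests, sketched as an added example (not code from the question or the answer, and not tied to ADAL or any B2C API): the app mints a random single-use code, stores only its hash with an expiry, emails the code, and checks it in constant time before letting the sign-up proceed. The in-memory store and the 24-hour lifetime are assumptions standing in for the app's own database and policy.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

INVITE_TTL_SECONDS = 24 * 3600  # assumption: an invitation is valid for one day


def _hash(code: str) -> str:
    # Persist only a hash: a leaked invitation table must not yield redeemable codes.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


class InviteStore:
    """Minimal in-memory stand-in for the application's invitation table (assumption)."""

    def __init__(self) -> None:
        self._invites = {}  # email -> {"hash", "expires", "redeemed"}

    def create(self, email: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG, URL-safe so it can ride in the email link.
        code = secrets.token_urlsafe(32)
        self._invites[email.lower()] = {
            "hash": _hash(code),
            "expires": now + INVITE_TTL_SECONDS,
            "redeemed": False,
        }
        return code  # goes into the email; the clear value is never written to the store

    def redeem(self, email: str, code: str, now: Optional[float] = None) -> str:
        """Returns 'ok' or a reason for the audit log. Respond to the user with a
        single generic failure message so the reasons do not enable enumeration."""
        now = time.time() if now is None else now
        rec = self._invites.get(email.lower())
        if rec is None:
            return "unknown"
        if rec["redeemed"]:
            return "already_used"
        if now > rec["expires"]:
            return "expired"
        if not hmac.compare_digest(_hash(code), rec["hash"]):
            return "bad_code"
        rec["redeemed"] = True  # single use: only now let the B2C sign-up complete
        return "ok"
```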