
We would like to enable the following scenario:

  • user can log in to a web application leveraging Azure AD B2C as the identity provider.

  • user can also interact with a bot on FB Messenger (built on MS Bot Framework). He is asked to log in so that we can get him an access token for subsequent web API calls.

  • user has access to a persistent menu on his FB Messenger where he can navigate to some pages of the actual web site and be logged in straight away.

I have the following question:

Could Azure AD B2C be used in conjunction with Facebook Account Linking? Could not find any samples... What I am doing now: in the FB login button, I pass a link to one of my bot server controller methods as a level of indirection. Then in this method, I get the redirect URI and account linking token that FB is adding to the URL and then do a redirect to my B2C policy URL, passing these 2 arguments in the state and my own redirect URI (not the one from FB). This way, once authentication is done, B2C redirects to my bot, where I rebuild the callback-to-FB URL. Any security concern with this approach?

Thx!


1 Answer


After looking at this post, Facebook Messenger: get access token of linked account, it seems that FB account linking is not really useful in regards to access tokens. I was expecting similar behavior to Amazon Alexa account linking, but in fact it has nothing to do with exchanging an authorization code for an access token and having this token managed by FB... So I am just going to leverage the BotAuth code https://github.com/MicrosoftDX/botauth to store the access token in the bot state... I don't really care about collecting the PSID...

Regarding the last step of the scenario, we are investigating cookie reuse from the first authentication flow.