0
votes

Here is the scenario I'm trying to achieve: an external developer comes to our website, registers in our AAD B2C and selects a Stripe subscription, which will be linked to his account. He then goes to the APIM dev portal to register for our product. At this point, when he makes a request to our backend through APIM, we would like him to give only his Ocp-Apim-Subscription-Key without any other logging requirement: no login window at the beginning, or every 30 minutes because of token expiration. He would just need to put the Ocp-Apim-Subscription-Key in his config file and could automate his calls to our backend. This means our backend must somehow correlate his APIM key to the correct AAD user.

Is it doable? Thank you.

1
Did you find your answer? Can you share something from what you have found here? Thanks in advance!! Sachin

1 Answer

2
votes

At the same time that your backend or custom B2C policy registers the user's Stripe subscription, you could use the API-M REST API to create the user and subscription. You could then store the API-M user ID and subscription ID (and subscription key) as custom attributes in AD B2C for later correlation (e.g. to deactivate or alter the API-M user/subscription when the Stripe subscription changes).

API-M REST API docs: https://docs.microsoft.com/en-us/rest/api/apimanagement/user/createorupdate

Custom B2C attributes: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-custom-attr
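
Added example, not part of the original answer or of any Microsoft sample: a sketch of the provisioning step the answer describes, building (without sending) the API-M user and subscription requests and the Microsoft Graph update that records the correlation on the B2C user. The ID naming scheme, the attribute names `ApimUserId` and `ApimSubscriptionId`, the `api-version` value and all sample values are assumptions; this sketch stores only the two IDs.

```python
import json

ARM = "https://management.azure.com"
GRAPH = "https://graph.microsoft.com/v1.0"
API_VERSION = "2022-08-01"  # assumption: use the API-M management api-version you target


def plan_provisioning(b2c_object_id, email, first_name, last_name, product_id,
                      ext_app_id, azure_sub, resource_group, service):
    """Build (not send) three requests: API-M user, API-M subscription, B2C update."""
    base = (f"{ARM}/subscriptions/{azure_sub}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.ApiManagement/service/{service}")
    # Hypothetical naming scheme: derive both API-M ids from the B2C object id so the
    # PUTs are idempotent and a retry after a partial failure creates no duplicates.
    user_id = f"b2c-{b2c_object_id}"
    sub_id = f"{user_id}-{product_id}"
    # B2C custom attributes appear in Microsoft Graph as
    # extension_<b2c-extensions-app appId without hyphens>_<AttributeName>.
    prefix = f"extension_{ext_app_id.replace('-', '')}_"
    return [
        {"method": "PUT",
         "url": f"{base}/users/{user_id}?api-version={API_VERSION}",
         "json": {"properties": {"email": email, "firstName": first_name,
                                 "lastName": last_name}}},
        {"method": "PUT",
         "url": f"{base}/subscriptions/{sub_id}?api-version={API_VERSION}",
         "json": {"properties": {"ownerId": f"/users/{user_id}",
                                 "scope": f"/products/{product_id}",
                                 "displayName": f"{product_id} ({email})"}}},
        # Attribute names are hypothetical; only the ids are written in this sketch.
        {"method": "PATCH",
         "url": f"{GRAPH}/users/{b2c_object_id}",
         "json": {f"{prefix}ApimUserId": user_id,
                  f"{prefix}ApimSubscriptionId": sub_id}},
    ]


if __name__ == "__main__":
    # Constructed sample values, not real tenants, apps or accounts.
    for req in plan_provisioning(
            "11111111-2222-3333-4444-555555555555", "dev@example.com", "Dev", "Eloper",
            "starter", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
            "00000000-0000-0000-0000-000000000000", "rg-api", "contoso-apim"):
        print(req["method"], req["url"])
        print(json.dumps(req["json"], indent=2))
```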