5
votes

I have a native iOS application developed in Xcode/Swift that integrates the Firebase Auth SDK for registering and login of new users. The Firebase Auth system should be linked to an Azure Active Directory B2C so that:

  • new users that are created exist in both Firebase Auth and Azure AD B2C (I guess with the same credentials?)
  • when a user is logged in, he/she is logged in both in the context of Firebase Auth and Azure AD B2C so that secure calls are possible on both platforms
  • when users are deleted either on Azure AD B2C or Firebase Auth they should also be deleted on the other platform. For this I could maybe use the Firebase Functions triggered on Auth events to sync with Azure AD B2C. For Azure AD B2C back to Firebase Auth I could also foresee a Firebase function that can be called (by Azure AD B2C) to delete a user.


After doing research I found that Firebase supports "custom tokens" (refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens). Could this offer a solution? I do not see anything about creating new users, only authentication...

1
Can you explain your requirements more? Are you trying to have the same user in sync between Firebase Auth db and Azure AD B2C? Maybe you can authenticate the user With AD and then mint a custom token via Firebase Auth to access Firebase cloud services. However, this means that authentication will always go through AD first. - bojeil
Auth against AD first is just what I want to avoid because MS Azure AD B2B does not have a native SDK; it only offers webviews to do registration/login and this is not the user experience I am looking for. That's why I came up with the suggestion to put Firebase in front (which has a great mobile-first SDK). - HixField
What type of authentication are you using with Azure AD? - bojeil
Email/pwd, facebook, google and linkedin - HixField
@HixField did you ever find a solution to this? I am developing a mobile app version of a web application that authorizes through ADB2C but I find the webview authentication and the copying of a code from an email to be utterly ludicrous. I want to use Firebase authentication but link it to ADB2C in the way you describe. Is this possible? - SimonH

1 Answer

8
votes

My team and I developed a solution for this exact scenario around custom tokens. Our implementation has been running for a couple of months on Azure and we have had no problems at all yet.

Here is the flow:

[flow diagram: not reproduced on this page]

Notes:

  1. Azure B2C can be replaced by any STS.
  2. The Azure function can be replaced by any backend process.

Also, the good thing is that you don't have to maintain users in Firebase, since you don't create Firebase users and only use a custom token, so there is no need to delete users.
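The exchange step this flow relies on, as an added example that is not the answerer's code: the backend (the Azure function in the diagram) verifies the token issued by the STS and only then mints a Firebase custom token whose uid is the B2C object id. The keys, tenant issuer, client id and service-account address are constructed placeholders, and HS256 stands in for the RS256 signatures that B2C and firebase-admin's createCustomToken actually use, purely so the example runs offline.

```python
import base64, hashlib, hmac, json

# Constructed keys for an offline demo: real B2C tokens are RS256-signed and
# verified against the tenant JWKS, and real custom tokens are RS256-signed by
# the service account (what createCustomToken does). HS256 stands in for both.
STS_KEY = b"constructed-b2c-signing-key"
SERVICE_ACCOUNT_KEY = b"constructed-firebase-service-account-key"
SERVICE_ACCOUNT_EMAIL = "backend@example-project.iam.gserviceaccount.com"  # placeholder
B2C_ISSUER = "https://example.b2clogin.com/tenant-id/v2.0/"  # placeholder tenant
B2C_CLIENT_ID = "ios-app-client-id"  # placeholder: the app's B2C registration
FIREBASE_AUD = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    head = _b64(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_sts_token(token: str, now: int) -> dict:
    """What the backend must check before trusting a B2C token."""
    head, body, sig = token.split(".")  # ValueError if malformed
    if json.loads(_unb64(head)).get("alg") != "HS256":  # never accept alg=none
        raise ValueError("unexpected alg")
    want = hmac.new(STS_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != B2C_ISSUER or claims.get("aud") != B2C_CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if now >= int(claims.get("exp", 0)) or not claims.get("oid"):
        raise ValueError("expired or no oid")  # oid: B2C's stable per-user id
    return claims

def exchange(sts_token: str, now: int) -> tuple:
    """Backend endpoint: (200, custom token) or (401, reason). uid = B2C oid."""
    try:
        b2c = verify_sts_token(sts_token, now)
    except ValueError as e:
        return 401, str(e)
    custom = {"iss": SERVICE_ACCOUNT_EMAIL, "sub": SERVICE_ACCOUNT_EMAIL,
              "aud": FIREBASE_AUD, "iat": now, "exp": now + 3600,  # max 1 hour
              "uid": b2c["oid"], "claims": {"idp": "azure-b2c"}}
    return 200, sign_jwt(custom, SERVICE_ACCOUNT_KEY)

def claims_of(token: str) -> dict:
    return json.loads(_unb64(token.split(".")[1]))
```

The client then passes the returned token to Firebase's signInWithCustomToken; the uid in it is what Firebase security rules and Cloud Functions see.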