Username not email address using Resource Owner Password Credentials in Azure AD B2C

0
votes

I wonder if it is possible to use username like john.smith instead of [email protected] in Resource Owner Password Credentials in Azure AD B2C.

https://docs.microsoft.com/en-gb/azure/active-directory-b2c/configure-ropc

For example like below:

https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth

Content-Type: application/x-www-form-urlencoded
username=john.smit&password=mypassword&grant_type=password&scope=openid myappId offline_access&client_id=myappId&response_type=token+id_token

All users are my firm's employees. We will import user data into azure AD before using B2C.

Any idea on how to setup?

Update

Ideally, we don't want to append @myfirm.com before sending it to B2C.

Update 2

Do the two links below only apply for external identity provider, like Facebook, not company azure AD?

What are the difference between these two links?

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration

Again, Can I use Microsoft Graph API instead of Azure AD Graph API?

https://docs.microsoft.com/en-us/graph/overview?toc=./toc.json&view=graph-rest-1.0

1
azureazure-active-directoryazure-ad-b2c
If the domain is always same, you could have the user enter john.smith and then send [email protected] to B2C?juunas
it is only option I have. But ideally, it is supported by B2C which avoids the coding on our part.Pingpong

1 Answers

1
votes

If you create a local account using the Azure AD Graph API in the Azure AD B2C directory using both emailAddress and userName sign-in name types, then users can sign in using either sign-in name value via the resource owner (or other sign-in) flow:

{
  "accountEnabled": true,
  "creationType": "LocalAccount",
  "displayName": "John Smith",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextLogin": false
  },
  "signInNames": [
    {
      "type": "userName",
      "value": "john.smith"
    },
    {
      "type": "emailAddress",
      "value": "[email protected]"
    }
  ]
}