we want to check user credentials in a server process against a Azure Active B2C instance. This is working using the resource owner password credentials flow. However, the documentation states that this flow isn't supported:
Server-to-server - The identity protection system needs a reliable IP address gathered from the caller (the native client) as part of the interaction. In a server-side API call, only the server’s IP address is used. If too many sign-ins fail, the identity protection system may look at a repeated IP address as an attacker.
My questions are:
- Is there a way to disable the identity protection system checks in this scenario?
- Is there another way to validate user credentials against Azure Active Directory B2C from a background process (without user interaction) ?