0
votes

we want to check user credentials in a server process against a Azure Active B2C instance. This is working using the resource owner password credentials flow. However, the documentation states that this flow isn't supported:

Server-to-server - The identity protection system needs a reliable IP address gathered from the caller (the native client) as part of the interaction. In a server-side API call, only the server’s IP address is used. If too many sign-ins fail, the identity protection system may look at a repeated IP address as an attacker.

My questions are:

  • Is there a way to disable the identity protection system checks in this scenario?
  • Is there another way to validate user credentials against Azure Active Directory B2C from a background process (without user interaction) ?
1

1 Answers

1
votes

Neither of those is possible today. If you update your question with the scenario, perhaps there can be alternative ways to accomplish it.