0
votes

I have a Web App (VueJS + ASP .NET Core backend) hosted on Azure App Service and I use Azure AD B2C for authentication. I also have a Functions App that I want to call from the client code but I’m not sure what’s the best way to flow the auth to the Functions.

  • I can register the Functions App in B2C and set up Easy Auth, but how do I flow the already authenticated user from the client to the Function?
  • I can create a custom JWT token and be done with it, but is it possible to flow a B2C token to the Function? If so, how do I validate the token?
You should do a server-to-server call from your .NET Core backend to your function app using on-behalf-of: docs.microsoft.com/en-us/azure/active-directory/develop/…. The problem with the client app is that the token is stored in the browser, so it's not secure. – Thomas
@Ramakrishna I saw this article before, but his scenario is different: "The way we’re going to make our single page app magically work with our back end functions is for both the static content and the functions to be served up by our function app." – CSharpRocks
@Thomas In my case, server-to-server would just add an extra step and superfluous complexity. I'd rather code the API right in the backend and forget about the Functions. – CSharpRocks
Yeah, if the API is just used by your application, just do one backend; it makes sense. – Thomas

2 Answers

1 vote

If Easy Auth didn't work for you, there is a workaround, and yes, it is a manual task.

  1. Send the B2C token in a header when calling the Azure Function.
  2. Read the token at the function level and validate the JWT.
  3. You can easily validate a JWT by decoding it / writing simple code.
  4. Check the Validate JWT SO post.

This manual validation is also secure and safe to use.

1 vote

You can handle Azure B2C validation the same way I did here: Github

There are several problems to handle:

  1. Load the token from a valid B2C policy.
  2. Validate it depending on the rules set.
  3. Set up validation on Startup/Attribute in order not to create boilerplate code.
  4. Currently AF 2.0 does not support invocation short circuits, so you need to properly handle your 401 codes.