I want to integrate Multi Factor Authentication (MFA) through Azure Active Directory (AD) B2C in my website built in PHP, for authentication purposes only.
I checked its documentation and some code samples, and I have created the following things from the tutorial mentioned here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant
- Azure AD B2C tenant
- Register a web application (reply URL is https://jwt.ms)
- Create a sign-up and sign-in user flow / password reset user flow
I tested the sign-up/sign-in user flow and the password reset user flow using the URL provided by the Azure Portal under the heading "Run user flow endpoint", and it is working perfectly as expected. On a successful response I get a JWT token, which contains information like this:
But I am not sure that what I have planned is correct according to the standard.

My plan is like this: I will give an option in the user profile section to enable/disable MFA. So if a user enables MFA, then on the next login, after successful authentication (through the email and password stored in the database), the user will be redirected to an MFA page. On the MFA page there are 2 buttons, Sign up/Sign in and Forgot Password:

- Sign up/Sign in - this button has the link created by the "Sign up and Sign in" user flow at Azure AD B2C - User flows (policies).
- Forgot Password - this button has the link created by the "Password reset" user flow at Azure AD B2C - User flows (policies). I needed to add this because the Forgot Password link in Sign up/Sign in is not working as intended; it redirects to the Reply URL with some information and a message like this:

AADB2C90118: The user has forgotten their password

In both user flows I enabled MFA, so on successful MFA I will redirect the user to the dashboard in my website; otherwise the user will remain on the MFA page.

I have explained my plan; please suggest if I am doing something wrong in the Sign up/Sign in or Forgot Password flow, or how I can make it better.
For decoding the JWT token in PHP, I am splitting it on `.` and using `base64_decode()` to extract the data. Is it good to decode it manually? Also, please let me know how I can validate it.
Any help or suggestions would be helpful for me.

Thanks in advance.
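As an added example (not the asker's code and not Microsoft's), this is how the id_token returned by a B2C user flow can be validated in PHP rather than only base64-decoded, which checks nothing. The tenant name, policy name, client ID, the `form_post` response mode and the session-stored nonce are assumptions to be replaced with your own values.

```php
<?php
// Added example (not the asker's code): verifying a B2C-issued id_token in PHP
// with firebase/php-jwt 6.x (composer require firebase/php-jwt), instead of only
// splitting on "." and base64_decode()-ing, which verifies nothing.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\JWK;

/**
 * Verify signature, expiry, issuer, audience and nonce of a B2C id_token.
 * $jwks is the decoded JSON from the policy's jwks_uri; $issuer is the
 * "issuer" value from the same policy's OpenID metadata; $audience is the
 * app registration's client ID; $nonce is the value sent in the sign-in request.
 */
function validateB2cIdToken(string $jwt, array $jwks, string $issuer,
                            string $audience, string $nonce): object
{
    JWT::$leeway = 60;                           // allow small clock skew
    $keys   = JWK::parseKeySet($jwks, 'RS256');  // kid => Key; B2C signs with RS256
    $claims = JWT::decode($jwt, $keys);          // throws on bad signature/exp/nbf
    if (($claims->iss ?? null) !== $issuer) {
        throw new RuntimeException('issuer mismatch');
    }
    if (($claims->aud ?? null) !== $audience) {
        throw new RuntimeException('audience mismatch');
    }
    if (($claims->nonce ?? null) !== $nonce) {
        throw new RuntimeException('nonce mismatch (possible replay)');
    }
    return $claims;
}

// Hypothetical tenant values; take the real ones from your own tenant and app registration.
$tenant   = 'contoso';                                  // {tenant}.onmicrosoft.com
$policy   = 'B2C_1_signupsignin';                       // user flow name
$clientId = '00000000-0000-0000-0000-000000000000';     // app registration client ID

// Each user flow publishes its own metadata; issuer and signing keys come from there (cache the JWKS in production).
$metadataUrl = "https://{$tenant}.b2clogin.com/{$tenant}.onmicrosoft.com/{$policy}/v2.0/.well-known/openid-configuration";
$metadata = json_decode(file_get_contents($metadataUrl), true);
$jwks     = json_decode(file_get_contents($metadata['jwks_uri']), true);

// $_POST['id_token'] is the token posted back to your reply URL (assumes response_mode=form_post);
// $_SESSION['nonce'] is the random value you stored before redirecting to B2C.
session_start();
$claims = validateB2cIdToken($_POST['id_token'], $jwks, $metadata['issuer'], $clientId, $_SESSION['nonce']);
unset($_SESSION['nonce']);                              // single use
echo 'Authenticated subject: ', htmlspecialchars($claims->sub), PHP_EOL;
```

Only after `validateB2cIdToken()` returns should the session be marked as MFA-complete and the user sent to the dashboard.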