Azure B2C OpenID delegate authentication to Azure AD

0
votes

I followed this tutorial https://victorvillarv.com/en/2019/08/28/how-to-create-an-azure-ad-b2c-directory-and-enable-openid-to-delegate-authentication/

to delegate the authentication of my B2C Users back to Azure AD, where the users were created. Microsoft announced the new urls with 2bclogin.com.

My Azure Domain and my B2C Domain are the same domain: b2ctestexample.onmicrosoft.com in this tenant I opened a new B2C Azure AD

Will this still be working if I add an identity Provider in Azure B2C App with the url: https://login.microsoftonline.com/b2ctestexample.onmicrosoft.com/.well-known/openid-configuration? after the 4th of December? (when it's deprecated)

I configured some Claim Policy Mapping and AD Extensionattributes in an App in the AAD (not B2C) which will be passed in the OAuth ID Token, and I need these when logging in. Can I pass them over to the B2C Apps?

Thanks, Patrick

1
azureauthenticationazure-active-directoryopenidazure-ad-b2c

1 Answers

0
votes

Yes, it will work for a while until it is retired, the doc mentions that the existing tenants need to move onto B2Clogin.com before that date, and all functionality will remain the same on the B2Clogin.com endpoint. To avoid any future disruption on your service it is recommended to change to new URL while both URL's are working.

Regarding openId-configuration, a B2C application should use new url https://your-tenant-name.b2clogin.com/tfp/your-tenant-ID/policyname/v2.0/.well-known/openid-configuration as per this reference. so that your application can get right information that is applicable for the policy name passed in the URL.