Azure AD - Sign Up without B2C











up vote
1
down vote

favorite
1












I've been messing around with MSAL having previously used ADAL for sign up & secure API calls within AAD



I have a user case now requiring sign up and sign in but bafflingly MSAL - even tho there's a method for returning user name - is incapable currently of returning you anything about the user from the B2C token



The workaround seems horribly contrived so I'm considering abandoning MSAL and going back to ADAL or other providing the Sign Up or Sign in is also available



Can anyone recommend me a library or method of achieving Sign Up directly into AAD using ADAL or other please?










share|improve this question


























    up vote
    1
    down vote

    favorite
    1












    I've been messing around with MSAL having previously used ADAL for sign up & secure API calls within AAD



    I have a user case now requiring sign up and sign in but bafflingly MSAL - even tho there's a method for returning user name - is incapable currently of returning you anything about the user from the B2C token



    The workaround seems horribly contrived so I'm considering abandoning MSAL and going back to ADAL or other providing the Sign Up or Sign in is also available



    Can anyone recommend me a library or method of achieving Sign Up directly into AAD using ADAL or other please?










    share|improve this question
























      up vote
      1
      down vote

      favorite
      1









      up vote
      1
      down vote

      favorite
      1






      1





      I've been messing around with MSAL having previously used ADAL for sign up & secure API calls within AAD



      I have a user case now requiring sign up and sign in but bafflingly MSAL - even tho there's a method for returning user name - is incapable currently of returning you anything about the user from the B2C token



      The workaround seems horribly contrived so I'm considering abandoning MSAL and going back to ADAL or other providing the Sign Up or Sign in is also available



      Can anyone recommend me a library or method of achieving Sign Up directly into AAD using ADAL or other please?










      share|improve this question













      I've been messing around with MSAL having previously used ADAL for sign up & secure API calls within AAD



      I have a user case now requiring sign up and sign in but bafflingly MSAL - even tho there's a method for returning user name - is incapable currently of returning you anything about the user from the B2C token



      The workaround seems horribly contrived so I'm considering abandoning MSAL and going back to ADAL or other providing the Sign Up or Sign in is also available



      Can anyone recommend me a library or method of achieving Sign Up directly into AAD using ADAL or other please?







      azure-active-directory adal msal






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 7 at 12:36









      Journeyman1234

      318




      318
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote














          is incapable currently of returning you anything about the user from
          the B2C token




          ADAL supports for v1 endpoint.B2C uses v2 endpoint, and the MSAL is designed to support v2, so you could not use ADAL for the B2C Sign Up. If you want to get user information in the token, suggest you use the OpenId Connect. In the OpenId Connect, the id_token includes the user information.



          You could use jwt.io to parse the id_token, and you could find username in the id_token:



          enter image description here



          For the details about OpenId Connect in B2C, please read here.






          share|improve this answer























          • Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
            – Journeyman1234
            Nov 8 at 9:03






          • 1




            You are welcome. Later if there is anything update, please let me know, thanks!
            – SunnySun
            Nov 8 at 9:18










          • @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
            – DeanB_Develop
            Nov 8 at 12:34










          • @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
            – Journeyman1234
            Nov 8 at 15:49










          • Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
            – DeanB_Develop
            Nov 9 at 15:42


















          up vote
          0
          down vote













          ADAL and MSAL are incompatible



          MSAL doesn't support Graph



          OpenID Connect needs an authorisation code so isn't appropriate for the workflow



          The answer I figured out was to install ADAL into my API, then when the user logs in on the app send securely the GUID from the token to the API which can then communicate with the Graph and return user profile info






          share|improve this answer





















            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














             

            draft saved


            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53189620%2fazure-ad-sign-up-without-b2c%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote














            is incapable currently of returning you anything about the user from
            the B2C token




            ADAL supports for v1 endpoint.B2C uses v2 endpoint, and the MSAL is designed to support v2, so you could not use ADAL for the B2C Sign Up. If you want to get user information in the token, suggest you use the OpenId Connect. In the OpenId Connect, the id_token includes the user information.



            You could use jwt.io to parse the id_token, and you could find username in the id_token:



            enter image description here



            For the details about OpenId Connect in B2C, please read here.






            share|improve this answer























            • Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
              – Journeyman1234
              Nov 8 at 9:03






            • 1




              You are welcome. Later if there is anything update, please let me know, thanks!
              – SunnySun
              Nov 8 at 9:18










            • @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
              – DeanB_Develop
              Nov 8 at 12:34










            • @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
              – Journeyman1234
              Nov 8 at 15:49










            • Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
              – DeanB_Develop
              Nov 9 at 15:42















            up vote
            1
            down vote














            is incapable currently of returning you anything about the user from
            the B2C token




            ADAL supports for v1 endpoint.B2C uses v2 endpoint, and the MSAL is designed to support v2, so you could not use ADAL for the B2C Sign Up. If you want to get user information in the token, suggest you use the OpenId Connect. In the OpenId Connect, the id_token includes the user information.



            You could use jwt.io to parse the id_token, and you could find username in the id_token:



            enter image description here



            For the details about OpenId Connect in B2C, please read here.






            share|improve this answer























            • Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
              – Journeyman1234
              Nov 8 at 9:03






            • 1




              You are welcome. Later if there is anything update, please let me know, thanks!
              – SunnySun
              Nov 8 at 9:18










            • @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
              – DeanB_Develop
              Nov 8 at 12:34










            • @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
              – Journeyman1234
              Nov 8 at 15:49










            • Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
              – DeanB_Develop
              Nov 9 at 15:42













            up vote
            1
            down vote










            up vote
            1
            down vote










            is incapable currently of returning you anything about the user from
            the B2C token




            ADAL supports for v1 endpoint.B2C uses v2 endpoint, and the MSAL is designed to support v2, so you could not use ADAL for the B2C Sign Up. If you want to get user information in the token, suggest you use the OpenId Connect. In the OpenId Connect, the id_token includes the user information.



            You could use jwt.io to parse the id_token, and you could find username in the id_token:



            enter image description here



            For the details about OpenId Connect in B2C, please read here.






            share|improve this answer















            is incapable currently of returning you anything about the user from
            the B2C token




            ADAL supports for v1 endpoint.B2C uses v2 endpoint, and the MSAL is designed to support v2, so you could not use ADAL for the B2C Sign Up. If you want to get user information in the token, suggest you use the OpenId Connect. In the OpenId Connect, the id_token includes the user information.



            You could use jwt.io to parse the id_token, and you could find username in the id_token:



            enter image description here



            For the details about OpenId Connect in B2C, please read here.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 8 at 5:15

























            answered Nov 8 at 3:30









            SunnySun

            818116




            818116












            • Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
              – Journeyman1234
              Nov 8 at 9:03






            • 1




              You are welcome. Later if there is anything update, please let me know, thanks!
              – SunnySun
              Nov 8 at 9:18










            • @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
              – DeanB_Develop
              Nov 8 at 12:34










            • @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
              – Journeyman1234
              Nov 8 at 15:49










            • Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
              – DeanB_Develop
              Nov 9 at 15:42


















            • Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
              – Journeyman1234
              Nov 8 at 9:03






            • 1




              You are welcome. Later if there is anything update, please let me know, thanks!
              – SunnySun
              Nov 8 at 9:18










            • @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
              – DeanB_Develop
              Nov 8 at 12:34










            • @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
              – Journeyman1234
              Nov 8 at 15:49










            • Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
              – DeanB_Develop
              Nov 9 at 15:42
















            Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
            – Journeyman1234
            Nov 8 at 9:03




            Thank you. I did find a long winded way of doing what I want but it meant embedding a client secret in my app, amazingly that's the recommended way of doing it!
            – Journeyman1234
            Nov 8 at 9:03




            1




            1




            You are welcome. Later if there is anything update, please let me know, thanks!
            – SunnySun
            Nov 8 at 9:18




            You are welcome. Later if there is anything update, please let me know, thanks!
            – SunnySun
            Nov 8 at 9:18












            @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
            – DeanB_Develop
            Nov 8 at 12:34




            @Journeyman1234 Are you adding the client_secret key to your app code to retrieve the bearer token?
            – DeanB_Develop
            Nov 8 at 12:34












            @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
            – Journeyman1234
            Nov 8 at 15:49




            @DeanB_Develop - yes, which just feels wrong. But it works. So what happens is my user authenticates using MSAL and retrieves a token. I then make a call to the AAD GraphAPI (which is where the secret comes in) to return me a user matching the unique ID of the token
            – Journeyman1234
            Nov 8 at 15:49












            Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
            – DeanB_Develop
            Nov 9 at 15:42




            Have you tried to use this.authService.acquireTokenSilent(...) ? This returns a bearertoken than can be used by the API and doesn't require a client_secret. Using a client-secret is good for Get access without a user or oAuth 2.0 auth code grant. However, in this case, you're using a signed-in user and OpenID Connect (this.authService.acquireTokenSilent) will work. I hope.
            – DeanB_Develop
            Nov 9 at 15:42












            up vote
            0
            down vote













            ADAL and MSAL are incompatible



            MSAL doesn't support Graph



            OpenID Connect needs an authorisation code so isn't appropriate for the workflow



            The answer I figured out was to install ADAL into my API, then when the user logs in on the app send securely the GUID from the token to the API which can then communicate with the Graph and return user profile info






            share|improve this answer

























              up vote
              0
              down vote













              ADAL and MSAL are incompatible



              MSAL doesn't support Graph



              OpenID Connect needs an authorisation code so isn't appropriate for the workflow



              The answer I figured out was to install ADAL into my API, then when the user logs in on the app send securely the GUID from the token to the API which can then communicate with the Graph and return user profile info






              share|improve this answer























                up vote
                0
                down vote










                up vote
                0
                down vote









                ADAL and MSAL are incompatible



                MSAL doesn't support Graph



                OpenID Connect needs an authorisation code so isn't appropriate for the workflow



                The answer I figured out was to install ADAL into my API, then when the user logs in on the app send securely the GUID from the token to the API which can then communicate with the Graph and return user profile info






                share|improve this answer












                ADAL and MSAL are incompatible



                MSAL doesn't support Graph



                OpenID Connect needs an authorisation code so isn't appropriate for the workflow



                The answer I figured out was to install ADAL into my API, then when the user logs in on the app send securely the GUID from the token to the API which can then communicate with the Graph and return user profile info







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 12 at 15:54









                Journeyman1234

                318




                318






























                     

                    draft saved


                    draft discarded



















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53189620%2fazure-ad-sign-up-without-b2c%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    Xamarin.form Move up view when keyboard appear

                    Post-Redirect-Get with Spring WebFlux and Thymeleaf

                    Anylogic : not able to use stopDelay()