Azure AD B2C integration

Azure Active Directory B2C (Azure AD B2C) is a customer identity and access management (CIAM) solution that lets your end users sign up and sign in to your apps and APIs.

# MIRACL Trust Application setup

An application on the MIRACL Trust platform is required for the external identity provider in the Azure AD B2C platform. Learn how to register a new app here.

Note that when creating an app in the MIRACL Trust Portal, you need to fill in the Redirect URL, which Azure AD B2C and its identity provider pregenerate. It should look similar to https://miraclb2c.b2clogin.com/miraclb2c.onmicrosoft.com/oauth2/authresp.

Note also that you need to keep a copy of the Client Secret Key, because you need it to configure your custom identity provider. Learn more about App Keys here.

# User application in Azure AD B2C

As a prerequisite, you need to have a web application ready in Azure AD B2C. How to create one from scratch is described here.

# Configure custom IDP with OpenID Connect

A new identity provider needs to be created. To do so, look for the Identity Providers section in the menu on the left, then click New OpenID Connect Provider. You can find a detailed guide on how to create a generic identity provider in Azure AD B2C here. Populate the fields as follows:

  • Name - Fill in the desired name.
  • Metadata URL - https://api.mpin.io/.well-known/openid-configuration
  • Client ID - Fill in the Client ID you received from the MIRACL Trust Application setup.
  • Client Secret - Fill in the Client Secret you received from the MIRACL Trust Application setup.
  • Scope - Fill in openid email profile (space-separated values).
  • Response type - code.
  • Response mode - form_post.
  • User ID - sub.
  • Display name - email.
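
As an added example (not MIRACL's or Microsoft's code), this Python preflight checks an OpenID Connect discovery document against the field values listed above and builds the Redirect URL in the shape shown earlier. The function names are hypothetical, the sample documents and their endpoint paths are constructed rather than fetched from api.mpin.io, and the default b2clogin.com domain is assumed.

```python
from urllib.parse import urlsplit

METADATA_URL = "https://api.mpin.io/.well-known/openid-configuration"  # from this page
WELL_KNOWN = "/.well-known/openid-configuration"
# Discovery fields mapped to the values entered in the Azure AD B2C form above.
REQUIRED = {
    "scopes_supported": {"openid", "email", "profile"},  # Scope
    "response_types_supported": {"code"},                # Response type
    "response_modes_supported": {"form_post"},           # Response mode
    "claims_supported": {"sub", "email"},                # User ID, Display name
}

def b2c_redirect_url(tenant):
    """Redirect URL to register in the MIRACL Trust Portal for a B2C tenant."""
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp"

def check_discovery(doc, metadata_url=METADATA_URL):
    """Return a list of mismatches; an empty list means the settings fit."""
    problems = []
    # OIDC Discovery: the metadata URL is the issuer plus the well-known path.
    if doc.get("issuer", "").rstrip("/") + WELL_KNOWN != metadata_url:
        problems.append("issuer does not match the metadata URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    for field, wanted in REQUIRED.items():
        advertised = doc.get(field)
        if advertised is None and field == "response_modes_supported":
            advertised = ["query", "fragment"]  # spec default when omitted
        if advertised is None and field != "response_types_supported":
            continue  # optional field not advertised: cannot be verified here
        missing = wanted - set(advertised or [])
        if missing:
            problems.append(f"{field} lacks {sorted(missing)}")
    return problems

# Constructed sample documents; the endpoint paths are placeholders.
GOOD = {
    "issuer": "https://api.mpin.io",
    "authorization_endpoint": "https://api.mpin.io/example/authorize",
    "token_endpoint": "https://api.mpin.io/example/token",
    "jwks_uri": "https://api.mpin.io/example/jwks",
    "scopes_supported": ["openid", "email", "profile"],
    "response_types_supported": ["code"],
    "response_modes_supported": ["query", "form_post"],
    "claims_supported": ["sub", "email", "iss", "aud"],
}
BAD = dict(GOOD, token_endpoint="http://api.mpin.io/example/token")
del BAD["response_modes_supported"]
```

A non-empty result means a value in the form would not be honoured by the provider that document describes, which otherwise shows up only as a failed sign-in.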

# Configure User Flows

Next, you need to create a User Flow for your authentication. How to do it is described here. Choose a user flow type: either Sign up and sign in, or Sign up and Sign in separately, depending on your requirements. Details in the configuration are up to you. In the Custom identity providers section of the User Flow, specify the identity provider created in the previous step.