Using the latest 2.3 preview, I'm trying to determine how I might specify which B2C policy I want to use when getting the token for my user. For example I may want to generically allow my user to Sign Up or Sign In... I may have a flow in which my UI has a button to Sign In and thus want a Sign In Policy, or a Facebook icon that when tapped would go to a SUSI policy specific for Facebook.
I can find no mention of Policies in the Wiki, and the sample Xamarin Forms app no longer implements any policies.
What authentication flow has the issue?
* [X] Interactive (Devices)
What is the identity provider?
If B2C, what social identity did you use? n/a
Expected behavior
Be able to specify the Policy you want to get the desired UX
Actual behavior
There is no ability to specify and as a result you get a generic Microsoft Login
Possible Solution
Add to the API to allow something like:
await pca.AcquireTokenAsync(scopes, account, uiParent, "b2c_1_susi");
@dansiegel. Which sample did you have in mind when you wrote: "the sample Xamarin Forms app no longer implements any policies" ?
I suggest you have a look at the https://github.com/Azure-Samples/active-directory-b2c-xamarin-native sample, which does show how to use B2C. See for instance https://github.com/Azure-Samples/active-directory-b2c-xamarin-native/blob/master/UserDetailsClient/UserDetailsClient.Core/MainPage.xaml.cs#L26:
AuthenticationResult ar = await App.PCA.AcquireTokenAsync(App.Scopes, GetAccountByPolicy(accounts, App.PolicySignUpSignIn), App.UiParent);
Note that in the future, we want to provide in MSAL.NET a specific experience for B2C where you would be able to execute a policy.
@jmprieur thanks for the links. It seems that in the massive updates to the docs in the v2 push, the B2C links had disappeared. It's something that needs better documentation. I was able to get my sample running with B2C.
I would still really love to see a way that we could more easily select a specific policy so that when I already have the PCA, I can invoke GetTokenAsync and get a different experience based on whether my user presses a login button, sign up button, or login with Facebook, etc...
Thanks for the update, @dansiegel
I agree we need to improve the B2C support in MSAL.NET's conceptual documentation. We have plans to have specific APIs for B2C in MSAL.NET (no ETA yet)
@parakhj for the feedback.
Do you want to close the issue?
Update: we've added a few pieces of doc. We explained the B2C authorities in https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-Applications#publicclientapplication and added a new page B2C specificities
cc: @henrik-me @henrik-me @bgavrilMS @MarkZuber @trwalke @parakhj
Closing as we have documented the B2C specificities
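An added example, not code from this thread or from the Azure sample: in MSAL.NET 2.x the B2C policy is selected through the authority passed to `AcquireTokenAsync`, so a small wrapper can map each button to its own policy. The tenant placeholder, the `b2c_1_susi_facebook` policy name, the `B2CPolicyRouter` class and its method names, the `tfp` authority format, and the account-id suffix convention are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class B2CPolicyRouter
{
    // Placeholder tenant; replace with your own B2C tenant name.
    const string Tenant = "<your-tenant>.onmicrosoft.com";
    const string AuthorityBase = "https://login.microsoftonline.com/tfp/" + Tenant + "/";

    // Only policies listed here can be requested, so a value coming from
    // the UI layer can never select an arbitrary authority.
    static readonly HashSet<string> AllowedPolicies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "b2c_1_susi",          // policy name from the issue above
            "b2c_1_susi_facebook"  // hypothetical Facebook-only policy
        };

    // Assumption: B2C caches one account per policy, and the object id part
    // of the home account id ends with the lower-cased policy name.
    static IAccount AccountForPolicy(IEnumerable<IAccount> accounts, string policy)
    {
        string suffix = policy.ToLowerInvariant();
        return accounts.FirstOrDefault(a =>
            a.HomeAccountId != null &&
            a.HomeAccountId.ObjectId.Split('.')[0].EndsWith(suffix, StringComparison.Ordinal));
    }

    public static async Task<AuthenticationResult> AcquireForPolicyAsync(
        PublicClientApplication pca, string[] scopes, string policy, UIParent uiParent)
    {
        if (!AllowedPolicies.Contains(policy))
            throw new ArgumentException("Unknown B2C policy: " + policy, nameof(policy));

        IEnumerable<IAccount> accounts = await pca.GetAccountsAsync();
        return await pca.AcquireTokenAsync(
            scopes,
            AccountForPolicy(accounts, policy),  // null when nothing is cached for this policy
            UIBehavior.SelectAccount,
            string.Empty,                        // extraQueryParameters
            null,                                // extraScopesToConsent
            AuthorityBase + policy,              // the authority selects the policy
            uiParent);
    }
}
```

A Sign In button would call `AcquireForPolicyAsync(pca, scopes, "b2c_1_susi", uiParent)` and a Facebook button would pass the Facebook-specific policy name instead.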