Login API in Azure AD B2C using custom policies
This guide describes how to use Azure AD B2C custom policies to create and log in users automatically with Vipps MobilePay as the identity provider. The custom policy implementation handles a user-initiated login from a website.
With Azure AD B2C custom policies, merchants can implement a Vipps login flow by configuring Vipps as an identity provider. Other identity providers can be configured to map to the same Azure AD B2C user as Vipps MobilePay. For more details on creating custom policies with identity providers in Azure AD B2C, see References.
Note: Azure AD B2C provides preconfigured user flows that can authenticate, create, and log in users. They do not, however, deliver the user information from Vipps (name, email, etc.). To obtain that information, a custom policy must be used.
Register a web application in your Azure AD B2C tenant. For testing from the Azure portal, the ID token implicit grant must be enabled on the application registration.
Create a test unit in the Merchant portal:
- Save the client_secret for use in later steps.
- Set the Token endpoint authentication method to
- Add the following redirect URI to the list of callback URIs, and replace yourtenantname with the name of your tenant.
- Save the
Custom policy template
To implement Vipps login as a custom policy, download the modified version of the Azure AD B2C custom policy starter pack. The provided files contain the essential elements for registration and login with Vipps as the identity provider.
Download the following files:
- TrustFrameworkBase.xml - A few modifications are required.
- TrustFrameworkLocalization.xml - A few modifications are required.
- SignUpOrSignin.xml - A few modifications are required.
To make the custom policy work with your Azure AD B2C tenant, replace every instance of yourtenantid in all files with the name of your tenant. For example:
Client ID and secret
To configure the client ID, locate <TechnicalProfile Id="Vipps-OpenIdConnect"> in TrustFrameworkExtensions.xml. Under <Metadata>, locate the <Item Key="client_id"> item and enter the client ID of your test unit. Also enter your Merchant Serial Number in the field
Create a policy key
To create a policy key, follow the steps in the Create a policy key section of the generic OpenID Connect documentation (see References). The client_secret itself is stored only in the policy key; the policy file holds just a reference to it by name. Under <CryptographicKeys>, enter the name of your policy key:
<Key Id="client_secret" StorageReferenceId="B2C_1A_VippsSecret"/>
Scope defines the information you request about the user. The openid scope must be specified, but the Vipps custom policy template also supports phoneNumber. These attributes are used to create the user in Azure AD B2C. Request only the scopes your application actually needs.
Additional scopes can be added by declaring them in both TrustFrameworkExtensions.xml (where they are requested from Vipps) and SignUpOrSignin.xml (where the resulting claims are issued to your application).
Under the <!-- Vipps environment --> comments in TrustFrameworkExtensions.xml, set the Vipps host to the environment you are using. This is either api.vipps.no (Prod) or
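The following fragments are an added example, not code from the original guide or from the Vipps template, and they assemble the steps above into one place: a TrustFrameworkExtensions.xml claims provider for Vipps and the matching RelyingParty section in SignUpOrSignin.xml. The element and metadata names are those of Azure AD B2C's generic OpenID Connect technical profile. Assumptions are marked in the comments: the placeholder client ID, the Vipps Login discovery URL for production (confirm it against the Vipps Login API documentation), the Vipps claim name phone_number for the phoneNumber scope, and that the template already declares a phoneNumber ClaimType in its BuildingBlocks. The Merchant Serial Number field is not shown because its name is cut off in this guide.

```xml
<!-- TrustFrameworkExtensions.xml (fragment, added example): Vipps as an OpenID Connect claims provider.
     Assumed values: placeholder client_id, production discovery URL, claim name phone_number. -->
<ClaimsProvider>
  <Domain>vipps.no</Domain>
  <DisplayName>Vipps MobilePay</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Vipps-OpenIdConnect">
      <DisplayName>Vipps MobilePay</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Vipps environment: production host shown; use the test host for a test unit (assumed URL) -->
        <Item Key="METADATA">https://api.vipps.no/access-management-1.0/access/.well-known/openid-configuration</Item>
        <!-- client_id of your test unit from the Merchant portal (placeholder) -->
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <!-- openid is mandatory; phoneNumber is the additional scope this guide mentions -->
        <Item Key="scope">openid phoneNumber</Item>
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <!-- POST binding: the token request carries client_id and client_secret in the body -->
        <Item Key="HttpBinding">POST</Item>
        <!-- false: the redirect URI registered at Vipps is
             https://yourtenantname.b2clogin.com/yourtenantname.onmicrosoft.com/oauth2/authresp -->
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- The secret is never pasted into this file; it is read from the policy key by name -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_VippsSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Stable identifier from Vipps, used to link this login to a B2C user -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
        <!-- Assumed: Vipps delivers phone_number in the ID token for the phoneNumber scope.
             If it comes from the userinfo endpoint instead, map it in the template's REST technical profile. -->
        <OutputClaim ClaimTypeReferenceId="phoneNumber" PartnerClaimType="phone_number" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="vipps.no" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- Starter-pack transformations that derive the B2C user name and subject from issuerUserId -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- SignUpOrSignin.xml (fragment, added example): issue the collected claims to your application.
     A scope requested above only reaches your token if its claim is listed here as well. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="identityProvider" />
      <OutputClaim ClaimTypeReferenceId="phoneNumber" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

When you later add a scope, both places change: the scope item and an OutputClaim in the technical profile above, and an OutputClaim in the RelyingParty section. Keep the secret out of version control by leaving it solely in the B2C_1A_VippsSecret policy key; the XML files can then be committed as-is.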
Upload the policy
Select the Identity Experience Framework menu in your B2C tenant in the Azure portal.
Select Upload custom policy.
In this order, upload the policy files:
To test the policy, select B2C_1A_signup_signin, select the web application you wish to test, specify a Reply URL (for example, https://jwt.ms), and click Run Now. The Reply URL is the page the user is sent to after a successful login; https://jwt.ms decodes the returned ID token so you can confirm the issued claims (for example the phone number) before wiring the policy into your application.
Sequence Diagram of the flow implementation
References
Creating a custom policy:
- Azure AD B2C custom policy overview
- Create user flows and custom policies in Azure Active Directory B2C
- Set up sign-up and sign-in with generic OpenID Connect using Azure Active Directory B2C
Calling a REST API using a custom policy:
- Define a RESTful technical profile in an Azure Active Directory B2C custom policy
- Call a REST API by using Azure Active Directory B2C custom policy