Skip to main content

Login API in Azure AD B2C using custom policies

This guide will describe how to use Azure AD B2C's custom policies to automatically create and log users in using Vipps MobilePay. The custom policy implementation will provide the user initiated login from a website.

With Azure AD B2C's custom policies, merchants can implement a Login flow by using Vipps MobilePay as an identity provider. Other identity providers can be configured to correspond to the same user in Azure AD B2C as Vipps MobilePay. For more details on creating custom policies with identity providers in Azure AD B2C, see References.

Note: Azure AD B2C provides preconfigured user flows that can be used to authenticate, create, and log in users. This will however not provide any user information like name, email, etc. To achieve this, a custom policy must be provided.


  • Create an Azure AD B2C tenant.

  • Register a web application. For testing in the Azure portal it is necessary to enable ID token implicit grant.

  • Create a test unit in the Merchant portal.

    • Save the client_id and client_secret for use in later steps.
    • Set the Token endpoint authentication method to client_secret_post.
    • Add the following redirect URI to the list of callback URIs, and replace yourtenantname with the name of your tenant.

Custom policy template

To implement Login as a custom policy, you must download the modified version of the Azure AD B2C Custom Policy starter pack. The provided files consist of the essential elements for registration and login using Vipps MobilePay as an identity provider.

Download the following files:

To make the custom policy work with your Azure AD B2C tenant, all files must have all instances of yourtenantid replaced by the name of your tenant. For example:

Client ID and secret

To configure the client ID, locate the <TechnicalProfile Id="Vipps-OpenIdConnect"> in the TrustFrameworkExtentions file. Under <Metadata>, locate the <Item Key="client_id"> field and enter the client ID of your test unit.

Also, enter your Merchant Serial number in the field <Item Key="Merchant-Serial-Number">.

Create a policy key

To create a policy key, follow the steps in the Create a policy key section in the Generic OpenID Connect documentation. Under <CryptographicKeys>, enter the name of your policy key.

For example: <Key Id="client_secret" StorageReferenceId="B2C_1A_VippsSecret"/>


Scope defines the information you are requesting from the users. The openid scope must be specified, but the custom policy template also supports name, email, and phoneNumber. These attributes will be used to create a user in Azure AD B2C.

Additional scopes can be added, by adding them to TrustFrameworkExtensions.xml and SignUpOrSignin.xml.


You must change the comments <!-- Vipps environment --> in TrustFrameworkExtensions.xml to the environment you are using. This could be either (Prod) or (Test).

Upload the policy

  1. Select the Identity Experience Framework menu in your B2C tenant in the Azure portal.

  2. Select Upload custom policy.

  3. In this order, upload the policy files:

    a. TrustFrameworkBase.xml

    b. TrustFrameworkLocalization.xml

    c. TrustFrameworkExtensions.xml

    d. SignUpOrSignin.xml

To test the policy, select B2C_1A_signup_signin, select the web application you wish to test, specify a Reply URL (for example,, and click Run Now. The Reply URL will be the page the user is sent to after a successful login.

Sequence Diagram of the flow implementation


Creating a custom policy:

Calling a REST API using a custom policy:


Help us improve our documentation

Did you find what you were looking for?