Azure B2C — Sign In Using REST API Call
Microsoft’s Azure B2C is an identity and access management service that is becoming popular these days. Azure B2C manages user identities, which in turn supports authorized access to resources.
Recently I encountered a strange requirement to identify users using a REST API call. This means the user data (username/password) do not reside in Azure B2C but in some external system outside B2C.
The user enters a username and password, and a REST API is called to validate them instead of validating the usual way, i.e., against data stored in B2C or against other single sign-on options (such as Google or Facebook). The REST API responds with a “Success” message if the username/password in the body section is correct, otherwise with a “Failed” message. Once the validation is successful, B2C returns an identity token, which can then be used in the code.
As I could find no resources on the web to achieve this scenario, I thought I would share how I achieved this.
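The credential check on the external REST service side, as an added sketch that is not the author's code: it verifies the posted username/password against salted PBKDF2 hashes, compares in constant time, and returns the same “Failed” answer for an unknown user as for a wrong password. The JSON field names `username`, `password` and `message`, the sample user store and the iteration count are assumptions.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash; plaintext passwords are never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, hash) record with a fresh random salt."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample store standing in for the external system of record.
USERS = {"alice@example.com": make_record("correct horse battery staple")}
# Dummy record: unknown usernames cost the same hashing work as known ones,
# so response time does not reveal which accounts exist.
_DUMMY = make_record("placeholder")


def validate(body: bytes) -> dict:
    """Check the credentials in a JSON request body and build the reply."""
    failed = {"message": "Failed"}
    try:
        data = json.loads(body)
        username, password = data["username"], data["password"]
    except (ValueError, KeyError, TypeError):
        return failed  # malformed body: same answer, no parser detail leaked
    if not isinstance(username, str) or not isinstance(password, str):
        return failed
    salt, expected = USERS.get(username, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time comparison first, then the existence check, so the hash
    # is always computed and compared whether or not the user exists.
    ok = hmac.compare_digest(candidate, expected) and username in USERS
    return {"message": "Success"} if ok else failed
```

Because B2C sends the password to this endpoint in the request body, the service should be reachable only over TLS and should accept calls only from an authenticated caller.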
Technical Profiles
User Journey
Here is the link to all the policies I used.