Authenticating as a Service with Azure AD B2C

Question

We have setup our application using Azure AD B2C and OAuth, this works fine, however I am trying to authenticate as a service in order to make service to service calls. I am

Answer 1

Azure Active Directory B2C can issue access tokens for access by a web or native app to an API app if:

1. Both of these apps are registered with B2C; and
2. The access token is issued as result of an interactive user flow (i.e. the authorization code or implicit flows).

Currently, your specific scenario -- where you are needing an access token to be issued for access by a daemon or server app to the API app (i.e. the client credentials flow) -- isn't supported, however you can register both of these apps through the “App Registrations” blade for the B2C tenant.

You can upvote support for the client credentials flow by B2C at:

https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/18529918-aadb2c-support-oauth-2-0-client-credential-flow

If the API app is to receive tokens from both the web/native app as well as the daemon/server app, then you will have to configure the API app to validate tokens from two token issuers: one being B2C and other being the Azure AD directory in your B2C tenant.