Azure Graph API, Angular, Get users Groups


I want to query Azure AD Graph API to retrieve the groups claim for the logged in user from a registered Azure B2C app. The app I'm calling from is an Angu

2 Answers
  •  不知归路
    2021-01-06 09:48

    Azure AD B2C issues tokens using the Azure AD v2.0 endpoint:

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
    

    The Azure AD Graph API requires tokens that are issued using the Azure AD v1.0 endpoint:

    https://login.microsoftonline.com/{tenant}/oauth2/token
    

    For a single-page application to access the Azure AD Graph API, you must bridge them using a proxy API (I will call this the User API), as follows.

    At design-time:

    1. Register the single-page application using the Azure AD B2C portal.
    2. Register the User API using the Azure AD portal and grant the Read directory data permission.

    At runtime:

    1. The single-page application redirects the end user to the Azure AD B2C v2.0 endpoint for sign-in. Azure AD B2C issues an ID token containing the user identifier.
    2. The single-page application invokes the User API with this ID token. The User API validates the ID token.
    3. The User API acquires an access token from the Azure AD v1.0 endpoint using the application credentials that were created at design-time in step 2.
    4. The User API invokes the Azure AD Graph API, passing the user identifier that was received in step 2, with the access token that was issued in step 3, queries the group memberships, and then returns these to the single-page application.
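
The User API's runtime steps 2 to 4 from the answer above, as an added example that is not part of the original answer or any Microsoft sample. Assumptions: Node.js 18+, the B2C policy emits the user's object ID as the `oid` claim, the policy's signing keys are already loaded into `keys` by `kid`, and the config names (`tenant`, `clientId`, `clientSecret`, `issuer`, `audience`) are hypothetical.

```javascript
const crypto = require("crypto");

const b64json = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Step 2: validate the B2C ID token before trusting any claim in it.
// `keys` maps kid -> public key (PEM or KeyObject) from the policy's JWKS (loading not shown).
function validateIdToken(token, { keys, issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const header = b64json(parts[0]);
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const key = keys[header.kid];
  if (!key) throw new Error("unknown signing key");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(parts[0] + "." + parts[1]),
    key, Buffer.from(parts[2], "base64url"));
  if (!ok) throw new Error("bad signature");
  const c = b64json(parts[1]);
  if (c.iss !== issuer) throw new Error("wrong issuer");
  if (c.aud !== audience) throw new Error("wrong audience"); // must be the SPA's client ID
  if (!(c.exp > now) || c.nbf > now) throw new Error("token not valid at this time");
  if (!c.oid) throw new Error("no user identifier");
  return c.oid; // assumption: object ID is emitted as "oid"
}

// Steps 3 and 4: app-only token from the v1.0 endpoint, then the group lookup.
async function getUserGroups(idToken, cfg, http = fetch) {
  const oid = validateIdToken(idToken, cfg); // throws before any outbound call
  const tokenRes = await http(`https://login.microsoftonline.com/${cfg.tenant}/oauth2/token`, {
    method: "POST",
    body: new URLSearchParams({
      grant_type: "client_credentials",
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret,
      resource: "https://graph.windows.net",
    }),
  });
  if (!tokenRes.ok) throw new Error("token request failed");
  const { access_token } = await tokenRes.json();
  const url = `https://graph.windows.net/${cfg.tenant}/users/${encodeURIComponent(oid)}/getMemberGroups?api-version=1.6`;
  const res = await http(url, {
    method: "POST",
    headers: { Authorization: `Bearer ${access_token}`, "Content-Type": "application/json" },
    body: JSON.stringify({ securityEnabledOnly: false }),
  });
  if (!res.ok) throw new Error("graph request failed");
  return (await res.json()).value; // array of group object IDs
}
```

The user identifier sent to the Graph API comes only from the verified token, never from a request parameter, so a caller cannot use the User API's directory-read credentials to look up another user's groups.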
