Azure AD B2C

Journeys can be authenticated using Azure AD B2C as an OAuth vendor, requiring users to log in before they can access a web flow in an application.


This document walks through authenticating a Journey using Azure AD B2C with Google as the identity provider. For additional information on setting up other identity providers in Azure AD B2C and Airkit, see here.

Pre-requisites

Authenticating a Journey using Azure AD B2C using Google as the Identity Provider

Register a Web Application in Azure AD B2C

To register a web application in Azure AD B2C, follow the steps outlined in this document.


The one step that is different is using the following Redirect URI:

Redirect URI:

https://{base-domain}/internal/session-gateway/v1/oauth/callback

The {base-domain} can be found in Settings. For example, in the following screenshot, the base domain would be app.airkit.com.


Once the web application is registered, take note of the client ID, as this will be needed in a future step.

Set up sign-up and sign-in with a Google Account

To set up sign-up and sign-in with a Google account, follow the steps outlined in this tutorial. After creating the Google application and configuring Google as an identity provider, you will need to add the Google identity provider to a User Flow.

When creating the User Flow, there are some additional steps needed in order for it to work with Airkit. Under User attributes and token Claims, the following attributes and claims are required:

Collect attribute

  • Email Address

Return Claim

  • Email Addresses
  • Identity Provider Access Token

Configure Authentication in Airkit

After setting up sign-up and sign-in with Google in Azure AD B2C, go to Settings in the Airkit App and change the App Authentication Type to Secure App.


Then select OAuth 2.0 w/ OpenID Connect as the Authentication Method and choose Azure AD B2C as the OAuth Vendor.


Next, fill in the following fields based on your Azure AD B2C configuration.

OAuth Client ID (Required)

  • The Application (client) ID of the web application registered in Azure

Tenant (Required)

  • The name of the Azure AD B2C tenant

User Flow Policy (Required)

  • The name of the User Flow that was created.

Custom Domain

  • The domain name of the Azure AD B2C tenant.

Force auth on web link

  • Require authentication each time the web link is accessed.

Then save and publish your app, and test the web link to confirm that you are asked to authenticate.
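Before publishing, it helps to verify that the values entered above (client ID, tenant, user flow policy, optional custom domain) and the Redirect URI registered in the earlier step line up, and that the user flow returns the claims Airkit needs. The script below is an added example, not Airkit's or Microsoft's own code. It assumes the Azure AD B2C URL layout that Microsoft documents (`https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0/...`, with a custom domain replacing the `{tenant}.b2clogin.com` host), that user flows created in the portal carry the `B2C_1_` prefix, and that the "Email Addresses" and "Identity Provider Access Token" return claims appear in the issued token as `emails` and `idp_access_token`. The sample configuration and token claims are constructed for the example.

```python
"""Sanity-check an Airkit <-> Azure AD B2C configuration before publishing.

Added example, not code from Airkit or Microsoft. Assumptions:
  - B2C authority layout: https://{host}/{tenant}.onmicrosoft.com/{policy}/v2.0
    where host is {tenant}.b2clogin.com unless a custom domain is configured
  - user flows created in the portal are named with the B2C_1_ prefix
  - the "Email Addresses" and "Identity Provider Access Token" return claims
    surface in the token as `emails` and `idp_access_token`
"""
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Path from the guide's Redirect URI; only the base domain varies per tenant.
REDIRECT_PATH = "/internal/session-gateway/v1/oauth/callback"
# Token claim names the user flow must return (assumed B2C claim names).
REQUIRED_CLAIMS = ("emails", "idp_access_token")


def redirect_uri(base_domain: str) -> str:
    """Redirect URI that must be registered on the B2C web application."""
    return f"https://{base_domain}{REDIRECT_PATH}"


def b2c_authority(tenant: str, policy: str, custom_domain: Optional[str] = None) -> str:
    """Issuer/authority for one tenant + user flow (custom domain replaces the host)."""
    host = custom_domain or f"{tenant}.b2clogin.com"
    return f"https://{host}/{tenant}.onmicrosoft.com/{policy}/v2.0"


def metadata_url(tenant: str, policy: str, custom_domain: Optional[str] = None) -> str:
    """OpenID Connect discovery document the OAuth client will fetch."""
    return b2c_authority(tenant, policy, custom_domain) + "/.well-known/openid-configuration"


def missing_claims(token_claims: Dict[str, object]) -> List[str]:
    """Return the required claims absent (or empty) in a decoded token payload."""
    return [c for c in REQUIRED_CLAIMS if not token_claims.get(c)]


def check_config(cfg: Dict[str, str]) -> List[str]:
    """Collect configuration problems; an empty list means the settings are consistent."""
    problems: List[str] = []
    for key in ("client_id", "tenant", "policy", "base_domain", "registered_redirect_uri"):
        if not cfg.get(key):
            problems.append(f"missing required setting: {key}")
    if problems:
        return problems

    # OAuth redirect URIs are compared exactly by the authorization server,
    # so the registered value must match the derived one character for character.
    expected = redirect_uri(cfg["base_domain"])
    registered = cfg["registered_redirect_uri"]
    if registered != expected:
        problems.append(f"redirect URI mismatch: registered {registered!r}, expected {expected!r}")
    if urlparse(registered).scheme != "https":
        problems.append("redirect URI must use https")

    # User flows created in the portal get the B2C_1_ prefix (assumption noted above).
    if not cfg["policy"].startswith("B2C_1_"):
        problems.append(f"policy {cfg['policy']!r} does not look like a user flow name (expected B2C_1_ prefix)")

    custom = cfg.get("custom_domain")
    if custom and urlparse(f"https://{custom}").netloc != custom:
        problems.append(f"custom domain {custom!r} is not a bare host name")
    return problems


# Constructed sample settings, mirroring the fields in the guide.
SAMPLE_CONFIG = {
    "client_id": "00000000-0000-0000-0000-000000000000",  # placeholder, not a real app
    "tenant": "contoso",
    "policy": "B2C_1_signup_signin",
    "custom_domain": "",
    "base_domain": "app.airkit.com",
    "registered_redirect_uri": "https://app.airkit.com/internal/session-gateway/v1/oauth/callback",
}

# Constructed decoded token payload, as a user flow with both return claims would issue.
SAMPLE_TOKEN_CLAIMS = {
    "emails": ["user@example.com"],
    "idp_access_token": "<google-access-token-placeholder>",
}

if __name__ == "__main__":
    print("metadata:", metadata_url(SAMPLE_CONFIG["tenant"], SAMPLE_CONFIG["policy"]))
    print("config problems:", check_config(SAMPLE_CONFIG) or "none")
    print("missing claims:", missing_claims(SAMPLE_TOKEN_CLAIMS) or "none")
```

Run it with your own tenant, policy and base domain substituted into `SAMPLE_CONFIG`; a non-empty problem list usually explains a redirect_uri_mismatch error from B2C, and a non-empty missing-claims list means the user flow's return claims were not configured as described in the previous section.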

Authentication Success

After setting up your OAuth authentication, go to Connections Builder and click on the On Authentication Success Event.

The “On Authentication Success” event runs when the user has been authenticated. This event exposes an event namespace through which you can access data about the authenticated user.


To access this data and store it in a session variable, go to the Inspector section, click the ‘+’ icon under Actions, add a Set Variable action, and set it to a property in the event namespace.