HOW TO — Secure your ReactJS frontend with Azure AD B2C

Fiqri Ismail
Jan 31 · 8 min read

A couple of months back I was introduced to the world of ReactJS by a client requirement to build a web frontend. All my developer days had been spent building backend systems with Microsoft ASP.NET Web API and C#. But you can’t say no to your clients, right? If you have to do it, you have to do it. So I stepped into the new realm of building frontend applications.

My client already had a Web API and a web frontend. This requirement was to create a separate sub-module in ReactJS that interacts with that Web API. As usual, security concerns were put on the table, and yes, they already had Azure AD B2C set up for user management. The challenge was to use ReactJS with Azure AD B2C for authentication and authorization.

Trust me, there were a few tutorials on connecting Azure AD and Azure AD B2C to frontend technologies, but they were all bits and pieces here and there. I couldn’t find a full step-by-step tutorial that guides you through, so I thought, why not write one.

I have made a few assumptions here, that you already:

  1. Have experience with ReactJS but don’t know how to connect it to Azure AD B2C.
  2. Have an Azure account. Don’t have one? Go to https://azure.microsoft.com/en-us/ and click the big green button that says “Start Free >”.
  3. Have a fully functional Azure AD B2C directory with users. If you have an Azure account and still need to create an Azure AD B2C tenant, have a look at this link: https://bit.ly/2U8X9Ft

Let's get started by creating a brand new ReactJS project

  • If you are on Windows, fire up your command prompt, or the terminal on other platforms such as Mac or Linux.
  • Go to your working directory.
  • Type the following command and press ENTER to create a ReactJS project.
  • Now navigate to the newly created project directory by typing,
  • Open up your favorite code editor (I will be using VS Code) and open the directory you created in the previous step.
  • Your editor should look like this
Newly created ReactJS project in VS Code

VS Code has a nice little feature called the terminal window, which opens a terminal inside the code editor. It’s very handy. Click Terminal > New Terminal in the menu bar.

  • Now in the terminal window type

This starts the ReactJS development server, and it should look like this.

Your ReactJS app is up and running under http://localhost:3000

All good to go, let’s prepare our Azure AD B2C environment now.

Preparing Azure AD B2C Environment

In this section, we will be preparing our Azure AD B2C environment for authentication and authorization.

  • Now login to Azure Portal by clicking on this link: https://portal.azure.com
  • Click on the directory Filter button in the top menu bar and switch to your B2C directory
Filter button to switch to B2C Directory
  • Now click on All Services label in the sidebar menu.
  • Type “Ad b2c” in the All Services search box.
  • Click on Azure AD B2C label
Azure AD B2C
  • In Azure AD B2C blade, click on the Applications label.
  • In Applications blade, click Add + button.
  • Now fill in the information required to create a new Azure AD B2C Application, as shown below
Create a new application
  1. Give a unique “Name” to your application.
  2. Select Yes for “Web App / Web API”, since we are creating a web application.
  3. Leave “Allow implicit flow” at its default of Yes. The react-azure-adb2c library used later in this tutorial obtains tokens in the browser through the implicit grant, so it needs this switched on. Be aware that the OAuth working group’s current guidance for single-page apps is the authorization code flow with PKCE (supported by MSAL.js 2.x) rather than the implicit flow; keep that in mind when you move beyond this walkthrough.
  4. Type the “Reply URL”; in this case it is our localhost address, http://localhost:3000, and it must match the redirect URI your app sends exactly. Type “api” or any identifier of your choice into “App ID URI (optional)”.

This URI identifies your application as an API in the directory. The scopes published under it are the permissions a client can be granted against your application, for example acting on behalf of the signed-in user.

I have specially marked this because if you don’t give an identifier here, you won’t see any scopes under “Published scopes”. I am not sure whether it is a bug or not, but without it you won’t get the default scope, nor can you create new ones.

  • Now click Create button to create the new application.
Application successfully created
  • Now click on the User flows (policies) label in the Azure AD B2C — Applications blade.
  • Click on + New user flow button.
New user flow
  • In the Create User Flow blade, under the Recommended tab, click on the “Sign up and sign in” link.
Create a user flow
  • In the Create blade, fill in the form as in the picture below. The blade itself gives you all the instructions and information you need.
Sign-up and sign-in user flow
  • You have now successfully created a Sign up and sign in user flow. By clicking the Run user flow button you will be able to test this flow.
User flow created

This is all you need at Azure AD B2C end. Let’s do a checklist.

  1. Azure Account [✔️]
  2. Azure AD B2C Tenant [✔️]
  3. Azure AD B2C Application [✔️]
  4. A user flow to sign up and sign in [✔️]

Excellent, now the setup is done. Let’s go back to our react application and do some coding.

Installing the library

Now, go back to your ReactJS application. In the terminal, type the following command to install the library. Remember, we are using the VS Code terminal window.

react-azure-adb2c is a library that brings Azure AD B2C functionality to your ReactJS application. Its README gives brief documentation on how to use it in a ReactJS application.

Now that the library is installed, open the index.js file in your ReactJS application and add the following line of code at the top of the file.

Add this line of code after the import to initialize the library.

Now you need to replace the items marked with “<>” with the values from your Azure AD B2C application.

Now go back to the Azure portal and grab the following information.

To grab the value for the tenant, go back to your Azure AD B2C directory. Under overview, copy the value in “Domain name” field.

The domain name is your tenant value.

Now, to grab the applicationId, click on the Applications label and copy the Application Id (a GUID, not the display name) of the newly created application, in this case “ReactJS AADB2C”, and replace the value of the applicationId field.

Application Id

Now click on the User flows (policies) label, copy the name of the policy (the portal adds the B2C_1_ prefix to the name you typed) and replace the value of the signInPolicy field.

Sign-in policy

Now the scopes array field. Each scope listed here is a permission your ReactJS application requests, and the access token Azure AD B2C issues will carry exactly these scopes.

To grab this information:

  1. Click on Applications label.
  2. Click on your application “ReactJS AADB2C”.
  3. Click on Published scopes label
  4. Grab the value at FULL SCOPE VALUE column for user_impersonation scope.
  5. Replace the value in the scopes array (remember this is an array; add one element per scope, and use the full scope value, not just the short name).

Visit this link to get a full detailed documentation on scopes.

Excellent, we are almost done. Now, your initialize code should look like this.

One more thing to add. Let's replace the default ReactDOM.render() code with this.

After all these changes, your index.js file should look like this.
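The following is an added example, not code from the article or from the react-azure-adb2c package. It builds the options object passed to the library's initialize() from the four values copied out of the portal (tenant, applicationId, signInPolicy, scopes) plus the redirect URI, and refuses to start with values of the wrong shape, which is where most first-run failures come from. The option names are the ones documented by react-azure-adb2c; every sample value is constructed.

```javascript
// Added example; not the article's index.js and not part of react-azure-adb2c.
// Validates the identifiers copied from the Azure portal before they are handed
// to authentication.initialize(). All sample values are constructed.

const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Returns a list of problems; an empty list means the values look like what the portal hands out.
function validateB2cSettings({ tenant, applicationId, signInPolicy, scopes, redirectUri }) {
  const problems = [];

  // "Domain name" on the B2C overview blade, e.g. contoso.onmicrosoft.com
  if (!/^[a-z0-9]+\.onmicrosoft\.com$/i.test(tenant || '')) {
    problems.push(`tenant "${tenant}" should be the directory domain name (something.onmicrosoft.com)`);
  }

  // "Application Id" on the Applications blade is a GUID, not the application's display name
  if (!GUID_RE.test(applicationId || '')) {
    problems.push(`applicationId "${applicationId}" is not an Application Id (GUID)`);
  }

  // User flows created in the portal get the B2C_1_ prefix added to the name you typed
  if (!/^B2C_1_[A-Za-z0-9_-]+$/.test(signInPolicy || '')) {
    problems.push(`signInPolicy "${signInPolicy}" is not a user flow name (expected B2C_1_...)`);
  }

  // Each scope must be the FULL SCOPE VALUE column: https://<tenant>/<app id uri>/<scope>
  if (!Array.isArray(scopes) || scopes.length === 0) {
    problems.push('scopes must be a non-empty array');
  } else {
    for (const scope of scopes) {
      if (!/^https:\/\/[^/\s]+\/.+\/[^/\s]+$/.test(scope)) {
        problems.push(`scope "${scope}" is not a full scope value (https://<tenant>/<app id uri>/<scope>)`);
      }
    }
  }

  // The service compares this with the registered Reply URL, so it must be an exact absolute URL
  let url;
  try {
    url = new URL(redirectUri);
  } catch {
    problems.push(`redirectUri "${redirectUri}" is not an absolute URL`);
  }
  if (url && url.protocol !== 'https:' && url.hostname !== 'localhost') {
    problems.push(`redirectUri "${redirectUri}" should use https unless it is a localhost address`);
  }
  return problems;
}

// Shape of the options object react-azure-adb2c's initialize() accepts (assumed from its README)
function buildB2cConfig(settings) {
  const problems = validateB2cSettings(settings);
  if (problems.length > 0) {
    throw new Error('Refusing to initialize Azure AD B2C:\n  ' + problems.join('\n  '));
  }
  return {
    instance: 'https://login.microsoftonline.com/tfp/',
    tenant: settings.tenant,
    signInPolicy: settings.signInPolicy,
    applicationId: settings.applicationId,
    cacheLocation: 'sessionStorage',
    scopes: settings.scopes,
    redirectUri: settings.redirectUri,
    postLogoutRedirectUri: settings.redirectUri,
  };
}

// Constructed sample values standing in for the ones you copy from the portal
const SAMPLE_SETTINGS = {
  tenant: 'contoso.onmicrosoft.com',
  applicationId: '0f9b8b5e-2a3c-4d1e-9f0a-1b2c3d4e5f60',
  signInPolicy: 'B2C_1_signupsignin',
  scopes: ['https://contoso.onmicrosoft.com/api/user_impersonation'],
  redirectUri: 'http://localhost:3000',
};

// In index.js this would be used as: authentication.initialize(buildB2cConfig(SAMPLE_SETTINGS));
```

The checks mirror the copy-paste mistakes the steps above invite: pasting the application's display name instead of its GUID, using the short scope name instead of the full scope value, and a redirect URI that does not match the registered Reply URL.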

Almost there. Let's do a test run. In your terminal window type and execute the following command.

You should see this screen.

Azure AD B2C login screen.

Now sign in with one of the users in your B2C directory, or create a new account by clicking on “Sign up now”. Remember, we created a user flow for both sign-in and sign-up. Cool, isn’t it?

Sign-up screen.

After creating a new account or using an existing one, you can log in to the application. But you might not see the default ReactJS page. This happens when the application has not been granted the permission (scope) it requests, so no access token is issued; the library keeps its state in session storage, which you can inspect in Chrome developer tools.

Chrome developer tools. Application session storage.

To fix this,

  1. Go back to the Azure Portal
  2. Goto the Azure AD B2C directory
  3. Click on the Applications label
  4. Click on the application you just created (“ReactJS AADB2C”).
  5. Click on the API access label
  6. Click + Add
  7. Select the application from step 4 in the Select API drop-down.
  8. Select “Access this app on behalf of the signed-in user…” (this is the user_impersonation scope you put in the scopes array)
  9. Click OK
Giving your application necessary permissions.

Let’s go back to our ReactJS application and refresh or rerun it.

Congratulations !!! You are done.

ReactJS App

Let’s grab some information from Azure AD B2C and display it under the react logo.

Go back to the terminal and install the following package.

This package decodes the JWT issued by Azure AD B2C so you can read the claims inside it. Note that decoding only base64-decodes the payload; it does not verify the signature. Treat the decoded claims as display data in the frontend and let your Web API validate the token before trusting it for authorization.

Now you need to visit back to Azure portal and let Azure AD B2C send you this information. To do this,

  1. Go back to the Azure portal.
  2. Go to your Azure B2C Directory.
  3. Click on User flows (policies) label.
  4. Click on the sign-in policy you have created.
  5. Click on the Application claims link
  6. Select the fields you need, in this case I have selected City, Country/Region, Email Addresses, Display Name, Given Name (this will be the First Name), Surname (this will be the Last Name).
  7. Click Save.
Enabling application claims.

Go back to your ReactJS application and click the src directory. Add a new file and name it Auth.js. Copy and paste the following code into the file.

Now open the App.js and replace with this code.
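The following is an added example, not the article's Auth.js or App.js. It decodes an Azure AD B2C id_token without any package and runs the checks a frontend can sensibly do on it before showing the claims enabled in the user flow above (Display Name, Given Name, Surname, Email Addresses, City, Country/Region). It cannot verify the signature, which needs the tenant's signing keys and belongs in the Web API, so a passing result means "plausible for this app", not "genuine". The applicationId, policy name, issuer and sample token are all constructed; the real issuer value comes from the user flow's OpenID metadata document.

```javascript
// Added example; not the article's Auth.js or App.js. Decodes a B2C id_token and
// checks aud, iss, tfp, exp and nbf client-side. No signature verification here.
// All identifiers and the sample token below are constructed.

const EXPECTED = {
  applicationId: '0f9b8b5e-2a3c-4d1e-9f0a-1b2c3d4e5f60',   // Application Id (constructed)
  signInPolicy: 'B2C_1_signupsignin',                        // user flow name (constructed)
  // Copy the real "issuer" from the user flow's OpenID metadata document; constructed here
  issuer: 'https://login.microsoftonline.com/7d3c2b1a-0000-4000-8000-000000000001/v2.0/',
};

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = typeof Buffer !== 'undefined'
    ? Buffer.from(padded, 'base64')                              // Node
    : Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));      // browser
  return new TextDecoder().decode(bytes);
}

// A JWT is header.payload.signature; only the first two parts are readable without keys
function decodeJwt(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected three dot-separated parts)');
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    payload: JSON.parse(base64UrlDecode(parts[1])),
  };
}

// Client-side plausibility checks; nowSeconds is a parameter so results are reproducible
function checkIdTokenClaims(payload, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const problems = [];
  if (payload.aud !== expected.applicationId) problems.push(`aud "${payload.aud}" is not this application`);
  if (payload.iss !== expected.issuer) problems.push(`iss "${payload.iss}" is not the expected issuer`);
  // B2C records the policy that issued the token in "tfp" (older tokens used "acr")
  const policy = payload.tfp || payload.acr;
  if (policy !== expected.signInPolicy) problems.push(`issued by policy "${policy}", expected ${expected.signInPolicy}`);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) problems.push('token has expired');
  if (typeof payload.nbf === 'number' && payload.nbf > nowSeconds) problems.push('token is not valid yet');
  return { ok: problems.length === 0, problems };
}

// Map B2C claim names to the fields the article displays; a claim is absent until enabled in the user flow
function profileFromClaims(payload) {
  return {
    displayName: payload.name,
    firstName: payload.given_name,
    lastName: payload.family_name,
    email: Array.isArray(payload.emails) ? payload.emails[0] : undefined,
    city: payload.city,
    country: payload.country,
  };
}

// --- constructed sample token (dummy signature, so it would fail real verification) ---
function base64UrlEncode(text) {
  const bytes = new TextEncoder().encode(text);
  const b64 = typeof Buffer !== 'undefined'
    ? Buffer.from(bytes).toString('base64')
    : btoa(String.fromCharCode(...bytes));
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

const ISSUED_AT = 1700000000;
const SAMPLE_CLAIMS = {
  iss: EXPECTED.issuer, aud: EXPECTED.applicationId, tfp: EXPECTED.signInPolicy,
  iat: ISSUED_AT, nbf: ISSUED_AT, exp: ISSUED_AT + 3600, ver: '1.0',
  sub: 'c1e2d3f4-0000-4000-8000-0000000000aa',
  name: 'Jane Doe', given_name: 'Jane', family_name: 'Doe',
  emails: ['jane@example.com'], city: 'Colombo', country: 'Sri Lanka',
};
const SAMPLE_TOKEN = [
  base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'constructed' })),
  base64UrlEncode(JSON.stringify(SAMPLE_CLAIMS)),
  'not-a-real-signature',
].join('.');
```

In a real Auth.js you would feed the id_token the library returns into decodeJwt, run checkIdTokenClaims, and only then pass profileFromClaims to App.js for rendering; anything that fails a check should be treated as "not signed in" rather than shown.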

We are all done. Lets rerun our ReactJS application.

You will be prompted with the Microsoft login screen; after a successful login you should see this screen.

We have picked up information from Azure AD B2C

And grab the code from here.

Have a nice day.

Written by Fiqri Ismail

Architect | Microsoft MVP | Community Leader | Speaker | Blogger | Photographer