Connecting Azure AD B2C to identityserver4 via the B2C custom identity provider

This completes the series I’ve been working on.

The previous posts were:

It’s worth reading those posts as I go into the background in greater detail.

I’ve come across two reasons to do this “connection” lately.

  • A customer that had credentials in a database on a Linux server and wanted these “internal” users to access B2C as well. idsrv4 is .NET Core that runs on Linux. The usual “external” users use local accounts in B2C.
  • A customer that had credentials in a SQL Server database on a Windows server and wanted these “internal” users to access B2C as well. The usual “external” users use local accounts in B2C.

B2C OOTB can’t integrate with an external database.

Adding idsrv4 to the mix in both the above examples provided the desired solution. Via the extensions, idsrv4 can integrate with any database.

For the purposes of this post, I need an internet-accessible version of idsrv4, so that B2C can reach it. Running on my PC under localhost won’t work. I thought about deploying my sample to Azure App Services but then remembered there is already an Azure demo site at:

https://demo.identityserver.io/

I’m going to use the authorisation code grant flow.

Clicking on the “discovery document” link takes us to:

So over to B2C and let’s add another Identity provider:

We’ve added the “Metadata URL” and the client id of “server.code” and the secret of “secret” from the idsrv4 screen above.

I used these claims mappings:

Remember to add the Identity provider to the policy:

Click “Run now” on the B2C policy.

Select “idsrv4B2C”.

Login with “bob” / “bob”.

Allow.

And back to jwt.ms (because I set the B2C policy reply URL to jwt.ms).

Success!
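The exchange B2C drives against idsrv4 in the steps above, reduced to the relying-party side of the authorisation code flow, as an added Python example that is not part of this post and is neither B2C nor IdentityServer4 code. The client id and secret are the ones from the post; the discovery document, hostnames, the reply URL shape and the claims mapping (the post’s screenshot is not reproduced here) are assumptions, and the HMAC-signed token is a stand-in for the RS256 signature idsrv4 really produces, so that the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed discovery document with the fields B2C reads from the "Metadata URL"
# (a real one lives at /.well-known/openid-configuration). Hostnames are placeholders.
DISCOVERY = {
    "issuer": "https://idsrv4.example",
    "authorization_endpoint": "https://idsrv4.example/connect/authorize",
    "token_endpoint": "https://idsrv4.example/connect/token",
    "jwks_uri": "https://idsrv4.example/.well-known/openid-configuration/jwks",
}
CLIENT_ID = "server.code"   # client id entered in the B2C identity provider (from the post)
CLIENT_SECRET = "secret"    # client secret entered in the B2C identity provider (from the post)
# Assumed shape of the B2C reply URL that idsrv4 must whitelist; TENANT is a placeholder.
REDIRECT_URI = "https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/oauth2/authresp"


def build_authorize_url(discovery, client_id, redirect_uri, scope="openid profile email"):
    """Step 1: B2C sends the browser to the authorize endpoint. state ties the callback
    to this request; nonce must come back inside the id_token."""
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",   # authorisation code grant, as used in the post
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
    }
    return discovery["authorization_endpoint"] + "?" + urlencode(params), state, nonce


def check_callback(callback_url, expected_state):
    """Step 2: the browser returns with ?code=...&state=...; a state mismatch is rejected
    before the code is ever presented to the token endpoint."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state") != [expected_state]:
        raise ValueError("state mismatch: callback does not belong to our request")
    if "code" not in query:
        raise ValueError("callback carries no authorisation code")
    return query["code"][0]


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims, key):
    """Stand-in for the issuer: mints a JWT with an HMAC signature. Real idsrv4 signs
    with RS256 and publishes the public key at jwks_uri; HS256 with a constructed
    shared key is used here only so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_id_token(token, key, expected_issuer, client_id, expected_nonce, now=None):
    """Step 3: the checks a relying party such as B2C applies to the id_token from the
    token endpoint: signature, algorithm, issuer (must equal the discovery document's
    issuer), audience, nonce and expiry. Any failure rejects the login."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":   # pin the algorithm; never trust the token's own choice
        raise ValueError("unexpected signing algorithm")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def map_claims(claims):
    """Step 4: the claims mapping. Target names are the fields of the B2C custom
    identity provider form and the source claims are an assumption, since the post's
    mapping screenshot is not reproduced here."""
    return {
        "User ID": claims["sub"],
        "Display name": claims.get("name"),
        "Email": claims.get("email"),
    }
```

The order of the checks matters: state is verified before the code is redeemed, and the signature is verified before any claim is read, so a forged or replayed response fails at the earliest point. Pinning the algorithm and comparing the issuer against the discovery document's value are the two checks most often skipped when a custom identity provider is wired up by hand.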

I really like the fact that B2C allows you to do these integrations via the custom Identity provider and that idsrv4 (being open source) allows you to do pretty much anything via the extensions.

All good!