Tuesday, January 30, 2018

How to Create Azure AD B2C app programmatically using Powershell or Graph API

We had a critical business need to create or register native/web client applications in the Azure AD B2C blade programmatically. Currently the Graph API and the PowerShell cmdlets support creating applications only in the AD blade, NOT under the B2C blade (V2 apps). We even tried the MS Graph API: its POST was able to create an application in B2C, but the application was created as a "faulted app" (useless). We approached the Microsoft support team many times, and every time the response was "NO, we currently do NOT support creating B2C apps programmatically". We even approached PMs at Microsoft and got the same answer: this functionality will only be available next year (2019). Insane, right?

As this was a critical need for us, I was forced to find at least a temporary workaround, and here is what I tried and what worked for me.

As we know, the only way to create a B2C app is to create it manually from portal.azure.com, so as a first step I tried to mimic that activity using PowerShell.

So, using Fiddler, I first captured the access token and the internal Azure API that is used when creating the app manually from the portal.

With the JWT captured through Fiddler, I decoded the token and read the "aud" (audience) claim, which identifies the resource server that accepts the token. Then, using the refresh token from the Azure RM context with the refresh_token grant type, I invoked the token endpoint to obtain an API token for that particular "aud" (resource) found in the previous step.

Now, with this internal API token, I invoked "https://main.b2cadmin.ext.azure.com/API/ApplicationV2/PostNewApplication" to create the B2C app. Below is the code.
Note: this is just a temporary workaround, not recommended for production.
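The two token steps above (reading the "aud" claim out of a captured JWT, then requesting a token for that resource with the refresh_token grant) as an added PowerShell example; this is not the author's code. The tenant id, client id, refresh token and the sample JWT are constructed placeholders, and the refresh token is assumed to come from your own Azure RM context as described above.

```powershell
# Decode the payload (second segment) of a JWT without verifying the signature.
# Base64url differs from base64: '-' and '_' replace '+' and '/', and padding is stripped.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw "Not a JWT: expected header.payload.signature" }
    $payload = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
        1 { throw "Invalid base64url length in JWT payload" }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    return $json | ConvertFrom-Json
}

# Redeem a refresh token for an access token scoped to a specific resource (Azure AD v1 endpoint).
function Get-TokenForResource {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$RefreshToken,
        [Parameter(Mandatory)][string]$Resource
    )
    $body = @{
        grant_type    = 'refresh_token'
        client_id     = $ClientId
        refresh_token = $RefreshToken
        resource      = $Resource   # the "aud" value read from the captured token
    }
    Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" `
        -Body $body -ContentType 'application/x-www-form-urlencoded'
}

# Constructed, unsigned sample token (alg "none") so the decoding step can be run offline.
function ConvertTo-Base64Url([string]$s) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$header = '{"alg":"none","typ":"JWT"}'
$claims = '{"aud":"https://placeholder.invalid/resource","exp":1517356800,"tid":"00000000-0000-0000-0000-000000000000"}'
$sampleJwt = "$(ConvertTo-Base64Url $header).$(ConvertTo-Base64Url $claims)."

$payload = ConvertFrom-JwtPayload -Token $sampleJwt
$expires = [DateTimeOffset]::FromUnixTimeSeconds($payload.exp)
"aud = $($payload.aud); expires $($expires.ToString('u'))"
if ($expires -lt [DateTimeOffset]::UtcNow) { Write-Warning "Captured token has expired; capture a fresh one." }

# With a real refresh token from your RM context, request a token for that audience:
# $apiToken = (Get-TokenForResource -TenantId $payload.tid -ClientId '<client-id>' -RefreshToken '<refresh-token>' -Resource $payload.aud).access_token
```

The returned access_token is what the portal sends as the Bearer token to the internal endpoint; treat both the refresh token and this token as secrets and never persist them to disk or scripts.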
