1

i have an azure ad b2c which will be the ad for the users of my application.

to secure spring rest apis in a java spring boot application we need rbac.

saw azure has option for custom roles but it seems to be in preview.so short of maintaining db tables for roles and privilege what other good tools or dependencies are available so that we dont need to manage rbac by ourselves but delgate to thatand if possible call its exposed api to add roles as well? i saw auth0 and nothing else.any better options?

sand87
  • 123
  • 1
  • 11

1 Answers1

0

Currently AAD B2C does not provide an Out-of-the-box RBAC functionality.

In Azure AD we can implement it by modifying the "groupMembershipClaims" field in application manifest: "groupMembershipClaims": "SecurityGroup". But it's not available in Azure AD B2C.

But we can take advantage of REST API claims Integration and Microsoft Graph. You can add a new claim type 'groups' into the custom policy and call the Microsoft Graph to get user's groups. Here is an example for your reference.

Some other helpful content:

Authorize By Group in Azure Active Directory B2C

UserVoice: Get user membership groups in the claims with AD B2C

Allen Wu
  • 15,529
  • 1
  • 9
  • 20
  • To secure my API and to login and decide who gets to access api i have been looking at microsoft docs.I havent used ADAL but on search i found MSAL4J.Mine is a spring boot sample.i found two things.One MSAL4J in microsoft docs with a spring security example which includes spring-security-oauth2-autoconfigure.Another doc states using azure-active-directory-b2c-spring-boot-starter dependency.Now i am thoroughly confusedbtw both as the dependencies seem different and i dont know if the spring boot starter dependency is another way to implement MSAL4j – sand87 Jul 06 '20 at 03:50
  • decided finally to use azure-active-directory-spring-boot-starter.Lets see where it takes me – sand87 Jul 06 '20 at 03:50
  • Unfortunately the RBAC solution does not work with social accounts. – Emaborsa May 06 '21 at 21:43