davidjrh/dnn.azureadprovider

Feature Request: Option to use the id_token instead of access_token

MarkJaroski opened this issue · 5 comments

We're running into some limitations in our implementation, which has to support B2B (Azure Guest) users and internal users.

I'm considering changing things around a bit to use the id_token rather than the access_token for incoming claims, since we have a bit more flexibility with configuring the claims present there.

What do you think about the idea?

Have you played with Azure AD B2C? It covers internal and B2B scenarios, and you can fully customize (with a bit of experience) the user flows, user attributes, claims, etc.
Check the B2C provider here: https://github.com/intelequia/dnn.azureadb2cprovider

Thanks David.

We did give it a try. I didn't realise that it also covers internal and B2B users. I'll go give the documentation a more in-depth read. Thanks!

How do we configure the B2C provider to use B2B and internal users instead? We don't have a B2C tenant, so the first part of the handshake fails.