Authentication with AzureAD-B2C #185

Open
bwieckow opened this issue Apr 16, 2021 · 8 comments · May be fixed by #267

@bwieckow
Member

No description provided.

@bwieckow bwieckow added the enhancement New feature or request label Apr 16, 2021
@PiotrWachulec PiotrWachulec reopened this May 2, 2021
@PiotrWachulec
Contributor

Tenant created. Let's talk about configuration details at our weekly meeting @bwieckow

@PiotrWachulec
Contributor

Let's discuss with @hayuna ways of possible authentication to the app: GitHub for programmers and GMail/Email for non-programmers, and possibly other providers.

@PiotrWachulec
Contributor

Status update (plans for the next few days):

  • review possibilities of defining AAD B2C configuration as code,
  • prepare example code,
  • confirm providers' configuration.

@PiotrWachulec
Contributor

PiotrWachulec commented May 12, 2021

The custom policies which define possible user actions - log in, sign up, reset the password, and so on - can be defined as XML files. Those files can be edited with Visual Studio Code. There is a custom extension for that IDE: Azure AD B2C.

After preparing the policy definition, it can be stored in a repository -> TODO: Decide where it can be stored in our case -> and deployed with a CI/CD tool. By default, the documentation uses Azure Repos and Azure Pipelines for that purpose.

In the documentation, PowerShell is used for deploying the policies to the AAD B2C tenant, but deployment is based on calling an API, so any tool/language/whatever which allows for making REST calls can be used for deploying the policies. -> TODO: Decide what we want to use to achieve that. CURL? Other things?

When we decide where the definitions should be stored and what method should be used for deploying the policies, we need to create a new GitHub flow, which will observe changes in the chosen repo/folder and trigger when something changes.

Managing the applications from Terraform - some info can be found on GitHub.

Info about customization of the UI of AAD B2C login experience - Customize the user interface with HTML templates in Azure Active Directory B2C.

Nice info I found - the possibility to configure a custom domain is currently in public preview - so we can use that for our application - as long as we aren't on production. For production usage, it is recommended not to use features that aren't in GA (General Availability). But first, it should be reviewed how to configure that and what the limitations are.
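
The REST-based deployment described in the comment above, as an added example that is not part of the thread or the project's code: a shell script that uploads custom policy files through the Microsoft Graph `trustFramework/policies` endpoint with curl. The environment variable names, the sample tenant name and the file names are assumptions, and the app registration is assumed to hold the `Policy.ReadWrite.TrustFramework` application permission.

```shell
#!/bin/sh
# Added example, not the project's workflow. Assumed environment variable names:
# B2C_TENANT (e.g. example.onmicrosoft.com), B2C_CLIENT_ID, B2C_CLIENT_SECRET.

# Print the PolicyId attribute of the <TrustFrameworkPolicy> root element.
policy_id_from_file() {
  tr '\n' ' ' < "$1" |
    sed -n 's/.*<TrustFrameworkPolicy[^>]*[[:space:]]PolicyId="\([^"]*\)".*/\1/p'
}

# Build the Graph upload URL; refuse IDs that could alter the URL path.
# The character allow-list is a conservative assumption, not the service's rule.
policy_upload_url() {
  pid=$(policy_id_from_file "$1")
  case "$pid" in
    B2C_1A_*) ;;
    *) echo "no B2C_1A_ PolicyId found in $1" >&2; return 1 ;;
  esac
  case "${pid#B2C_1A_}" in
    ''|*[!A-Za-z0-9_]*) echo "rejected PolicyId in $1" >&2; return 1 ;;
  esac
  printf 'https://graph.microsoft.com/beta/trustFramework/policies/%s/$value\n' "$pid"
}

# Client-credentials token. The secret is read from stdin so it never appears in argv.
get_token() {
  printf '%s' "$B2C_CLIENT_SECRET" |
    curl --fail --silent --show-error \
      -d grant_type=client_credentials -d "client_id=$B2C_CLIENT_ID" \
      -d scope=https://graph.microsoft.com/.default \
      --data-urlencode client_secret@- \
      "https://login.microsoftonline.com/$B2C_TENANT/oauth2/v2.0/token" |
    sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'   # assumes compact JSON
}

# $1 = bearer token, $2 = policy file. --fail turns an HTTP error into a failed CI step.
deploy_policy() {
  url=$(policy_upload_url "$2") || return 1
  printf 'Authorization: Bearer %s\n' "$1" |
    curl --fail --silent --show-error -X PUT -H @- \
      -H 'Content-Type: application/xml' --data-binary "@$2" "$url"
}

# Usage: sh deploy-policies.sh --deploy Base.xml Extensions.xml SignUpOrSignin.xml
# (base policy first: each file must be uploaded after the policy it inherits from)
if [ "${1:-}" = "--deploy" ]; then
  shift
  token=$(get_token) && [ -n "$token" ] || exit 1
  for f in "$@"; do deploy_policy "$token" "$f" || exit 1; done
fi
```

In a CI job the client secret would come from the pipeline's secret store, and the deploying app registration should carry only the trust-framework policy permission.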

@hayuna
Member

hayuna commented May 20, 2021

FYI we don't want to use users' passwords. Sign-in to the website should be provided only via socials (Google, GitHub + maybe LinkedIn, Facebook)

@hayuna hayuna linked a pull request May 20, 2021 that will close this issue
@PiotrWachulec
Contributor

  • Chosen place for custom policies: terraform repository and aadb2c-auth-policies folder.
  • Policies deployment with newly created GitHub flow.
  • Check if there are some actions for making HTTP requests. If not, try to use classic curl.
  • App registrations definitions should be stored in terraform/project-apps-dev/GeeksAcademy in the file called aadb2c-spns.tf

Next steps:

  • Configure basic custom policy and flow for deployment.
  • Demo for developers teams - backend and frontend.
  • Research on the custom domain configuration topic - what should be done and what is required.

@PiotrWachulec
Contributor

  • Configured GitHub as Identity Provider in AAD B2C
  • Found action for curl requests
  • Added empty file for new GitHub Action

@PiotrWachulec
Contributor

TODO: Check if logging in with two providers links to the same account in B2C
