ramtinmovahed

How to have separate staging and testing token enrichment process without creating another Azure AD B2C Tenant.

Azure AD B2C tips

Depending on your use case, you may want a separate process for adding custom claims to your user flow. The Azure AD B2C engine has to call your APIs to fetch the claims it includes in the JWT. During staging, however, you will often want two separate API endpoints for Azure to call: the backend that sits in the staging environment, and the endpoint in your local dev environment.
A secure solution would be to create separate Azure AD B2C tenants for testing and production. During staging, though, you can simplify the process with a temporary custom policy, derived from the final policy, that calls those APIs.

The process is as follows:

  1. Ensure that the API endpoint's technical profile resides in the main user flow policy.
  2. Create a duplicate of the custom policy that holds the orchestration steps and the API endpoints.
  3. Put the appropriate URL for each endpoint in each file.
  4. Upload it to Azure.
  5. Update your application to use the new test policy in the dev environment.

First step

The first step is to check that the technical profile exists in the policy file that contains the user journey.

<TechnicalProfile Id="EnrichToken">
  <DisplayName>...</DisplayName>
  <Metadata>
    <Item Key="ServiceUrl">https://yourendpoint.com/api/.../</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="..." />
    ...
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="..." />
    ...
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="...." />
</TechnicalProfile>

Step 2: create the test policy

  1. Create a duplicate of that policy file.
  2. Remove all parts that you don't need to change.
  3. Include the main policy file as the base policy of the test policy file.
    • Since the Identity Experience Framework has an inheritance model, everything from the base policy is inherited.

<TrustFrameworkPolicy
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="yourtenant.onmicrosoft.com"
  PolicyId="B2C_1A_yourNewTestPolicyFileName"
  PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_yourNewTestPolicyFileName"
  TenantObjectId="...">
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_NameOfPreviousPolicyFile</PolicyId>
  </BasePolicy>
  ....
</TrustFrameworkPolicy>

Step 3: change the endpoints

In the test policy file, replace the endpoint with the development API endpoint.

<ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>...</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="EnrichToken">
          <Metadata>
            <Item Key="ServiceUrl">https://yourdevendpoint.com/api/...</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
</ClaimsProviders>
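The three policy-file steps above can be scripted and checked mechanically. The following Python example is added for this article and is not code from the original post or from Microsoft: it confirms the technical profile exists in the base policy (step 1), generates a child policy that inherits the base (step 2) and overrides only the ServiceUrl (step 3), and refuses a dev endpoint that is not HTTPS or not on a host you have allow-listed, since the test policy lives in the same tenant as production. The policy names, hostnames and allow-list are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
ET.register_namespace("", NS)  # serialize with a default namespace like the real files

# Constructed sample of the base (production) policy, trimmed to the parts that matter here.
BASE_POLICY = f"""<TrustFrameworkPolicy xmlns="{NS}" PolicySchemaVersion="0.3.0.0"
  TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_TokenEnrichment"
  PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_TokenEnrichment">
  <ClaimsProviders><ClaimsProvider><DisplayName>REST</DisplayName><TechnicalProfiles>
    <TechnicalProfile Id="EnrichToken">
      <Metadata><Item Key="ServiceUrl">https://api.example.com/api/enrich</Item></Metadata>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>"""


def service_url(policy_xml, profile_id):
    """Return the ServiceUrl of the named technical profile, or None if it is absent."""
    for tp in ET.fromstring(policy_xml).iter(f"{{{NS}}}TechnicalProfile"):
        if tp.get("Id") == profile_id:
            item = tp.find(f"{{{NS}}}Metadata/{{{NS}}}Item[@Key='ServiceUrl']")
            return item.text if item is not None else None
    return None


def derive_test_policy(base_xml, profile_id, dev_url, allowed_hosts, suffix="_Test"):
    """Build a child policy that inherits the base and overrides only one ServiceUrl."""
    # Step 1: the profile being overridden must exist in the policy we inherit from.
    if service_url(base_xml, profile_id) is None:
        raise ValueError(f"{profile_id} not found in base policy")
    # Claims for real users of this tenant will be posted to dev_url, so require TLS
    # and a host from an allow-list (constructed here) rather than any arbitrary URL.
    u = urlparse(dev_url)
    if u.scheme != "https" or u.hostname not in allowed_hosts:
        raise ValueError(f"refusing dev ServiceUrl {dev_url}")
    base = ET.fromstring(base_xml)
    tenant, base_id = base.get("TenantId"), base.get("PolicyId")
    new_id = base_id + suffix
    root = ET.Element(f"{{{NS}}}TrustFrameworkPolicy", {
        "PolicySchemaVersion": base.get("PolicySchemaVersion"), "TenantId": tenant,
        "PolicyId": new_id, "PublicPolicyUri": f"http://{tenant}/{new_id}"})
    bp = ET.SubElement(root, f"{{{NS}}}BasePolicy")  # Step 2: inherit everything else
    ET.SubElement(bp, f"{{{NS}}}TenantId").text = tenant
    ET.SubElement(bp, f"{{{NS}}}PolicyId").text = base_id
    cp = ET.SubElement(ET.SubElement(root, f"{{{NS}}}ClaimsProviders"), f"{{{NS}}}ClaimsProvider")
    ET.SubElement(cp, f"{{{NS}}}DisplayName").text = "REST"
    tps = ET.SubElement(cp, f"{{{NS}}}TechnicalProfiles")
    tp = ET.SubElement(tps, f"{{{NS}}}TechnicalProfile", {"Id": profile_id})
    meta = ET.SubElement(tp, f"{{{NS}}}Metadata")
    ET.SubElement(meta, f"{{{NS}}}Item", {"Key": "ServiceUrl"}).text = dev_url  # Step 3
    return ET.tostring(root, encoding="unicode")
```

Write the returned string to a new file and upload that file in the next step; the production policy file is never modified.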

Step 4: Upload to Azure

Upload the created test policy to Azure.

Final step: updating the application.

Add the custom logic in your application to request this new test policy for authentication in the dev environment.

If you're using Blazor or ASP.NET, you can use the app settings to configure that.

  1. Next to appsettings.json, create appsettings.Development.json (case sensitive).

  2. Override the values for the policy:

  {
    "AzureAd": {
      "Authority": "https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_yourNewTestPolicyFileName"
    }
  }

Finally, test.

Thanks for reading. Have a good day!