I am using Google Flutter as a front end for mobile development and I am using Azure App Services as a backend.

How can I handle login and authentication so I can call Azure AD B2C using Easy Auth, which is part of Azure App Services? I haven't seen any SDKs for Flutter. Flutter doesn't use JavaScript, so I can't use JavaScript to call it like I have seen in other Azure examples.

Any thoughts? I would think a lot of others would face this same issue since Azure is so popular. I would like to use Google Firestore, but I can't since it's not HIPAA compliant.


Solution 1: Jas Suri - MSFT

Since it's a native app implementation, you could use the ROPC (resource owner password credential) flow to obtain a token for AAD B2C for your REST API. You create a policy like so: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc

Then have the application make a REST API call to obtain a token: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc#test-the-user-flow

The App Service needs to be set up with B2C as its authentication provider: Enable authentication. After this, select “Azure Active Directory” under the list of Authentication Providers; this will open a new configuration blade. Select “Advanced” and note the required fields, including Client ID and Issuer URI – the Client Secret and Allowed Token Audiences are optional fields. Go to the next steps to collect the application Client ID and Issuer URI values from B2C.

Create a new B2C application. From the Azure Portal (optionally, you can open a separate browser tab or new browser session, keeping the previous blade open/available), go to your B2C Tenant blade and select Applications, then select +Add to create a New Application. In the New Application blade, give the app a friendly name and select Yes for the Web App/Web API option. In the Reply URL section, enter the full Azure website name that you created in step 2 and append /.auth/login/aad/callback to it. For example: https://myAppSecuredByB2C.azurewebsites.net/.auth/login/aad/callback

Select Create.

Collect the B2C Application ID. After successfully creating the application, go back to the B2C Admin Portal Application blade, find your newly created application and open the profile to collect the Application ID – copy this B2C application ID; it will be used to finish the Azure Function configuration.

Collect the B2C OpenID Connect metadata URL endpoint. Go to the top-level Azure AD B2C blade, select User Journeys, select a Sign In Sign Up policy (or any other policy that you have created) and select the “Run user flow” button. Once the blade is opened, copy the OpenID metadata endpoint.

Go back to the Authentication blade of the App Service. Select Azure Active Directory Settings and enter the B2C Application ID into the Client ID property. Similarly, enter the B2C OpenID Connect metadata URL into the Issuer URI property. Select OK to finish the configuration.
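The ROPC token request and the token checks that the answer above describes, written out as an added Python example (this is not code from the answer or from Microsoft; a Flutter client would issue the same POST from Dart's http package). The tenant name, policy name, client ID and the tokens used in the test are constructed placeholders, and the endpoint and metadata URL shapes follow the configure-ropc document linked in the answer. The id_token is only decoded here, not signature-verified: that verification is what App Service Easy Auth does against the signing keys behind the metadata URL entered as Issuer URI, so the client-side checks are a sanity check on the Client ID and Issuer URI you configured.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Constructed placeholders (assumptions): substitute your own B2C tenant name,
# the ROPC user flow name and the B2C application (client) ID collected above.
TENANT = "contoso"
POLICY = "B2C_1_ROPC"
CLIENT_ID = "00000000-0000-0000-0000-000000000001"


def token_endpoint(tenant: str, policy: str) -> str:
    """B2C v2.0 token endpoint with the user flow (policy) in the path."""
    return (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/token")


def openid_metadata_url(tenant: str, policy: str) -> str:
    """OpenID Connect metadata document for the policy; this is the value the
    answer has you paste into the App Service 'Issuer URI' field."""
    return (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/v2.0/.well-known/openid-configuration")


def ropc_request(username: str, password: str) -> Request:
    """Build (without sending) the ROPC token request from the configure-ropc doc."""
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": f"openid {CLIENT_ID} offline_access",
        "client_id": CLIENT_ID,
        "response_type": "token id_token",
    }).encode()
    return Request(token_endpoint(TENANT, POLICY), data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_tokens(req: Request) -> dict:
    """Send the request and return the JSON token response (needs network access)."""
    with urlopen(req) as resp:
        return json.load(resp)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload only. The signature is NOT checked here; Easy Auth
    verifies it server-side against the keys published by the configured issuer."""
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url_decode(payload))


def check_claims(claims: dict, issuer: str, audience: str, policy: str,
                 now: Optional[float] = None) -> list:
    """Return the names of claims that would make Easy Auth reject the token:
    wrong issuer, client ID missing from the audience, wrong policy, or expired."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud")
    if claims.get("tfp", claims.get("acr")) != policy:  # B2C puts the policy name in tfp (older tokens: acr)
        problems.append("tfp")
    if claims.get("exp", 0) <= now:
        problems.append("exp")
    return problems


def bearer_header(id_token: str) -> dict:
    """Header the mobile client attaches when calling the Easy Auth protected App Service."""
    return {"Authorization": f"Bearer {id_token}"}


def make_unsigned_id_token(claims: dict) -> str:
    """Constructed, unsigned token for offline testing only; real B2C tokens are RS256-signed."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


if __name__ == "__main__":
    req = ropc_request("user@example.com", "password-placeholder")  # constructed credentials
    print("POST", req.full_url)
    print("Issuer URI for App Service:", openid_metadata_url(TENANT, POLICY))
```

To use it for real, call fetch_tokens on the built request and pass the id_token from the response through id_token_claims and check_claims (with the issuer value taken from the metadata document) before sending it in bearer_header to the App Service; a non-empty problem list tells you which of the Client ID, Issuer URI or policy settings disagree between the B2C application and the App Service configuration.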