All the examples I have seen of how to create a custom connector to a WebApi protected by Azure are for Azure Active Directory, whereas many external facing APIs are protected by ADB2C (with "who can access this API?" being set to "Accounts in any identity provider or organizational directory (for authenticating users with user flows)").

How can I create a custom connector for such an API? How do I set the Security tab when creating the connector, for example?

I'm sure lots of others have this use case.

Thanks!

Categories:

Connector development

Solution

I managed to solve this via settings like the following:

Identity Provider: Generic Oauth2

Client ID: [put the appid of your registered app here]

Client secret: [put the corresponding client secret here]

Authorization URL: [put the relevant url of the relevant desired sign in policy here, e.g. NB prefix this with https:// ] cadsdevsm.b2clogin.com/cadsdevsm.onmicrosoft.com/B2C_1_SupportConsoleSignIn/oauth2/v2.0/authorize

Token URL: https://cadsdevsm.b2clogin.com/cadsdevsm.onmicrosoft.com/B2C_1_SupportConsoleSignIn/oauth2/v2.0/token

Refresh URL: https://cadsdevsm.b2clogin.com/cadsdevsm.onmicrosoft.com/B2C_1_SupportConsoleSignIn/oauth2/v2.0/authorize

Scope: [put the scope of your API here] https://cadsdevsm.onmicrosoft.com/TestSMCoreAPI/standard

Redirect URL: [this seems to have been set automatically by the system after saving the custom connector] https://global.consent.azure-apim.net/redirect