cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
captainsina
Regular Visitor

How to call an Azure B2C protected Web API from portal page using current user's authentication token

Hi,

I am trying to make a call to a custom Web API from a custom portal page.

The portal is integrated with Azure B2C.

The Web API is hosted in Azure App Service and is secured using the same azure B2C instance that is integrated with the portal.

 

If the user reaches this custom page, he is already authenticated and has a token. I need to pass this token to the Web API.

The issue is I cannot get that token in JavaScript so I can include it in the http header of my call to Web API.

 

JavaScript code:

var apiCall = {
"url": "api url",
"method": "GET",
"dataType": "json",
"headers": {
"Authorization": "Bearer current User's Token (how to get it????)",
}
};

$.ajax(apiCall).done(function (response) {
console.log(response);
performOperations(response);
}).fail(function (xhr, textStatus, errorThrown) {
alert(xhr.responseText);
alert(textStatus);
});

 

Any ideas?

Is this even the right architecture/approach?

 

1 ACCEPTED SOLUTION

Accepted Solutions
OOlashyn
MVP

Hi @captainsina ,

Unfortunately, you won't be able to find the token for the user. If you are the owner of that Web API (or your API supports OAuth 2 implicit grant flow) I would advise you to take a look OAuth 2 implicit grant flow that is supported on the portal (https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow). This way you would be able to get an access token and then verify it with an external API. If you aren't in control of Web API or it doesn't support that I am not sure that you can do anything. 

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

View solution in original post

3 REPLIES 3
OOlashyn
MVP

Hi @captainsina ,

Unfortunately, you won't be able to find the token for the user. If you are the owner of that Web API (or your API supports OAuth 2 implicit grant flow) I would advise you to take a look OAuth 2 implicit grant flow that is supported on the portal (https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow). This way you would be able to get an access token and then verify it with an external API. If you aren't in control of Web API or it doesn't support that I am not sure that you can do anything. 

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

Thank you!

@OOlashyn 

From Client side I have managed to successfully get the token using the sample code in the link you provided.

For the API itself, the sample code is written in .net 4.6.1. My API is written in .net 5.0 and libraries are totally different.

Do you have any .net 5.0 Web API sample code that uses this implicit grant method?

 

Helpful resources

Announcements
Welcome Super Users.png

Welcome Super Users

The Super User program for 2022 - Season 2 has kicked off!

Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (4,275)