cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
captainsina
Regular Visitor

How to call an Azure B2C protected Web API from portal page using current user's authentication token

Hi,

I am trying to make a call to a custom Web API from a custom portal page.

The portal is integrated with Azure B2C.

The Web API is hosted in Azure App Service and is secured using the same azure B2C instance that is integrated with the portal.

 

If the user reaches this custom page, he is already authenticated and has a token. I need to pass this token to the Web API.

The issue is I cannot get that token in JavaScript so I can include it in the http header of my call to Web API.

 

JavaScript code:

var apiCall = {
"url": "api url",
"method": "GET",
"dataType": "json",
"headers": {
"Authorization": "Bearer current User's Token (how to get it????)",
}
};

$.ajax(apiCall).done(function (response) {
console.log(response);
performOperations(response);
}).fail(function (xhr, textStatus, errorThrown) {
alert(xhr.responseText);
alert(textStatus);
});

 

Any ideas?

Is this even the right architecture/approach?

 

1 ACCEPTED SOLUTION

Accepted Solutions
OOlashyn
MVP

Hi @captainsina ,

Unfortunately, you won't be able to find the token for the user. If you are the owner of that Web API (or your API supports OAuth 2 implicit grant flow) I would advise you to take a look OAuth 2 implicit grant flow that is supported on the portal (https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow). This way you would be able to get an access token and then verify it with an external API. If you aren't in control of Web API or it doesn't support that I am not sure that you can do anything. 

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

View solution in original post

3 REPLIES 3
OOlashyn
MVP

Hi @captainsina ,

Unfortunately, you won't be able to find the token for the user. If you are the owner of that Web API (or your API supports OAuth 2 implicit grant flow) I would advise you to take a look OAuth 2 implicit grant flow that is supported on the portal (https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow). This way you would be able to get an access token and then verify it with an external API. If you aren't in control of Web API or it doesn't support that I am not sure that you can do anything. 

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

Thank you!

@OOlashyn 

From Client side I have managed to successfully get the token using the sample code in the link you provided.

For the API itself, the sample code is written in .net 4.6.1. My API is written in .net 5.0 and libraries are totally different.

Do you have any .net 5.0 Web API sample code that uses this implicit grant method?

 

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

365 EduCon 768x460.png

Microsoft 365 EduCon

Join us for two optional days of workshops and a 3-day conference, you can choose from over 130 sessions in multiple tracks and 25 workshops.

Top Solution Authors
Users online (1,854)