Hi all,
I am attempting to call an API with Azure B2C during a user journey. The API I'm calling requires two headers to be present -- a client ID and a client secret.
When I define both the client_id and client_secret values within <CryptographicKeys>, I receive an error that only one key is expected for ApiKeyHeader authentication type. So it appears I cannot provide multiple headers this way.
Is there a way to allow multiple headers in this way? Or alternatively, is there some other way I'm unaware of where I can provide the client ID as a header without referencing it as a key, since it doesn't need to be secured in my case?
My technical profile currently looks like this (scrubbed of identifying information)
<TechnicalProfile Id="Call-Workflow-On-Registration">
<DisplayName>Call Workflow for User upon Registration</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<!-- TODO: Remove ngrok URL in favor of actual URL. The ngrok URL forwards to the listening developer's machine so we can examine calls. -->
<Item Key="ServiceUrl">http://scrubbed.ngrok.io/users/registrationRequests</Item>
<Item Key="AuthenticationType">ApiKeyHeader</Item>
<Item Key="SendClaimsIn">Body</Item>
<Item Key="ClaimUsedForRequestPayload">workflowRequestBody</Item>
<Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request right now, please try again later. (Reference ID: 1827346)</Item>
</Metadata>
<CryptographicKeys>
<Key Id="client_id" StorageReferenceId="B2C_1A_WorkflowClientIdNonProd" />
<Key Id="client_secret" StorageReferenceId="B2C_1A_WorkflowClientSecretNonProd" />
</CryptographicKeys>
<InputClaimsTransformations>
<!-- This generates the JSON body using the user's object ID -->
<InputClaimsTransformation ReferenceId="GenerateWorkflowBody" />
</InputClaimsTransformations>
<InputClaims>
<!-- This claim is provided by the InputClaimsTransformation -->
<InputClaim ClaimTypeReferenceId="workflowRequestBody" />
</InputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>