Question asked by BrianWeldon-2223

Azure B2C Custom Policy - Send Bearer Token and API key to REST API

I am building a Custom Azure AD B2C policy for login and during the User Journey I need to call a REST API that is protected by both a Bearer Token and an API key in the header. The documentation indicates you have to pick one or the other. Is there any way to send both? Here is my TechnicalProfile:

<TechnicalProfile Id="getAppConsent">
  <DisplayName>Call Internal API to determine if this user is authorized for the given app</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl"><my_url></Item>
    <Item Key="AuthenticationType">ApiKeyHeader</Item>
    <Item Key="UseClaimAsBearerToken">IdPToken</Item>
    <Item Key="SendClaimsIn">QueryString</Item>
    <Item Key="AllowInsecureInProduction">true</Item>
    <Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request, please try again later.</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="API-Key" StorageReferenceId="B2C_1A_APIKey" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="IdPToken" />
    <InputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tenantid" />
    <InputClaim ClaimTypeReferenceId="appId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
    <InputClaim ClaimTypeReferenceId="userId" PartnerClaimType="username" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="appName" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

Thank you for your assistance,

Brian Weldon

azure-ad-b2c

Hi @BrianWeldon-2223 • Unfortunately, this is not possible. You cannot use ApiKeyHeader with any other authentication methods - Basic, Bearer, or ClientCertificate.

BrianWeldon-2223 (in reply to amanpreetsingh-msft):

Thank you for your response @amanpreetsingh-msft. I assume that it is also not possible to set the AuthenticationType to Bearer and add another custom header? I did not see any mention of this in the documentation.


@BrianWeldon-2223 • Right, you cannot add multiple AuthenticationType keys to specify different headers. This will result in the error "An item with the same key has already been added." during the upload of the policy file.

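A pre-upload check for the two problems raised in this thread, as an added example that is not part of the original posts or of any Microsoft tooling: it flags a TechnicalProfile that repeats a Metadata key (the cause of the upload error quoted above) or that sets ApiKeyHeader together with a bearer-token claim. The function name `lint_policy` and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample modelled on the profile in the question.
SAMPLE = """<TechnicalProfiles>
  <TechnicalProfile Id="getAppConsent">
    <Metadata>
      <Item Key="AuthenticationType">ApiKeyHeader</Item>
      <Item Key="UseClaimAsBearerToken">IdPToken</Item>
    </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="twoAuthTypes">
    <Metadata>
      <Item Key="AuthenticationType">Bearer</Item>
      <Item Key="AuthenticationType">ApiKeyHeader</Item>
    </Metadata>
  </TechnicalProfile>
</TechnicalProfiles>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def lint_policy(xml_text):
    """Return (profile_id, finding) tuples for the two problems in this thread."""
    findings = []
    root = ET.fromstring(xml_text)
    for tp in root.iter():
        if local(tp.tag) != "TechnicalProfile":
            continue
        items = [(i.get("Key"), (i.text or "").strip())
                 for m in tp if local(m.tag) == "Metadata"
                 for i in m if local(i.tag) == "Item"]
        pid = tp.get("Id", "?")
        # Repeated keys fail upload: "An item with the same key has already been added."
        for key, n in Counter(k for k, _ in items).items():
            if n > 1:
                findings.append((pid, f"duplicate metadata key: {key}"))
        meta = dict(items)
        # Per the reply above, ApiKeyHeader cannot be combined with Bearer.
        if meta.get("AuthenticationType") == "ApiKeyHeader" and "UseClaimAsBearerToken" in meta:
            findings.append((pid, "ApiKeyHeader set together with UseClaimAsBearerToken"))
    return findings

if __name__ == "__main__":
    for pid, msg in lint_policy(SAMPLE):
        print(f"{pid}: {msg}")
```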