App Center Auth

App Center Auth is a cloud-based identity management service that enables developers to authenticate users and manage user identities.

App Center Auth also integrates with other parts of App Center, enabling developers to leverage the user identity to view user data in other services and even send push notifications to users instead of individual devices. Whether you are an app developer building a collaboration app for users inside your organization or the next social networking platform, you will need a way to authenticate users and manage user identities.

Auth is currently in preview, but is fully supported. Our preview supports native iOS, Android and Xamarin. Setting up the Auth preview requires an existing Azure subscription and Azure Active Directory B2C tenant.

How Auth works

App Center Auth is powered by Azure Active Directory B2C (Azure AD B2C). We chose Azure AD B2C because it is an enterprise-grade, highly-available and secure global service that handles and scales to billions of authentications per day. Using Azure AD B2C, you can easily customize and control how users securely interact with your mobile applications at scale. If you'd like to learn more about how Azure AD B2C works, please refer to the section on Understanding Azure AD B2C.

App Center Auth SDK wraps Microsoft Authentication Library (MSAL), which is a platform that gives your application the ability to target the identities in Azure AD B2C. Azure AD B2C implements a form of the OpenID Connect and OAuth 2.0 protocols.

To get started with App Center Auth, you need to integrate the App Center Auth SDK into your app and set up App Center Auth in the portal to connect an existing Azure AD B2C tenant.

App Center Token Exchange Service

The signIn() method enables the user to sign in, and Azure AD B2C passes the Application ID and Redirect URI (the unique identifier that redirects the OAuth 2.0 responses back to your app) to the third-party identity provider. Once the user grants the mobile application permission to access the resource in the third-party identity provider, the provider returns bearer tokens that are represented as JSON Web Tokens (JWTs). A bearer token is a lightweight security token that grants the "bearer" (i.e. your app) access to a protected resource. Azure AD B2C then verifies the JWT and creates claims. These claims include properties such as:

  • ID that we use to identify the signed-in user
    • This is the account_id we use to identify the signed-in user across App Center.
  • Scopes or permissions granted to the resource for the JWT
    • Scopes, such as read, write, and delete, are a way to manage permissions to protected resources.

Learn about the Azure AD B2C authorization code flow.
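The following is an added example, not code from App Center, MSAL or Azure AD B2C, showing what "verifies the JWT and creates claims" means for a backend that receives one of these bearer tokens: the signature is checked with a pinned algorithm, the expiry, issuer and audience are enforced, and only then are the user identifier and the granted scopes read out of the claims. To run offline it assumes an HS256 token built from a constructed secret and placeholder issuer and audience values; real Azure AD B2C tokens are RS256-signed with keys published in the tenant's OpenID Connect metadata, so a production service would validate against those keys instead.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. Azure AD B2C signs with RS256 tenant keys; HS256 and
# a shared secret are used here only so the example runs without network access.
DEMO_SECRET = b"constructed-demo-secret-not-a-real-key"
EXPECTED_ISSUER = "https://PLACEHOLDER-tenant.b2clogin.com/PLACEHOLDER/v2.0/"
EXPECTED_AUDIENCE = "PLACEHOLDER-application-id"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = "HS256") -> str:
    """Build a constructed JWT so the verifier below has something to check."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Verify signature, algorithm, expiry, issuer and audience; return the claims.

    Every failure raises ValueError so a caller can never fall through to using
    an unverified token.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three segments")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must not get to choose (rejects alg=none etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))

    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so signature checks do not leak timing information.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    return claims


def granted_scopes(claims: dict):
    """Azure AD B2C carries the granted scopes as a space-separated 'scp' claim."""
    return set(claims.get("scp", "").split())


def signed_in_user(claims: dict) -> str:
    """The 'sub' claim is the stable subject identifier for the signed-in user."""
    return claims["sub"]


if __name__ == "__main__":
    demo_claims = {
        "iss": EXPECTED_ISSUER,
        "aud": EXPECTED_AUDIENCE,
        "sub": "constructed-user-1",
        "scp": "read write",
        "exp": 2000000000,
    }
    verified = verify_token(make_demo_token(demo_claims), now=1000000000)
    print(signed_in_user(verified), sorted(granted_scopes(verified)))
```

The order of checks matters: the signature is verified before any claim is trusted, and the accepted algorithm is fixed by the verifier rather than taken from the token header, which is the check that defeats tokens claiming alg=none or a swapped algorithm.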

Limitations

Using App Center Auth has the following limitations in preview:

  • We require an existing Azure subscription and Azure AD B2C tenant.
  • You have to register both mobile and web applications on Azure AD B2C.
  • You can select one scope (or permission) to use with your application.
  • You must use the Sign up and sign in user flow or custom policy that contains the sign-in identity task.
  • You need to be signed in to App Center with a Microsoft account to connect an Azure AD B2C tenant in Auth.

Pricing

App Center Auth is a free service, but you pay for Azure AD B2C authentications. The first 50,000 authentications per month are free. An authentication is defined as a token issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user (e.g. token refresh, where the refresh interval is configurable). It is free to store authenticated users in the Azure AD B2C tenant. If you turn on Multi-Factor Authentication, you will be charged at a flat fee of $0.03 per authentication.

Getting Started

Getting started is easy! Follow these 4 steps in the Getting Started documentation:

  1. Connect an Azure subscription
  2. Connect an existing Azure AD B2C tenant
  3. Configure the App Center Auth SDK
  4. Run your app