
Azure AD B2C application vs Azure App Registration app

I don’t really understand the difference between Azure AD B2C Application and Azure App Registration Application. I can see some of my Azure AD B2C applications in the Azure App Registration page, but the opposite is not true.

The good part of Azure App Registration is that you can request the Graph API if you have the right permissions and it’s not true for an Azure AD B2C Application.

https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet

But it does not seem possible to authenticate with Azure AD B2C using an Azure App Registration application.

Do you know if there is a possibility to have an all-in-one? An application which can authorize AAD B2C authentication and request the Graph API.

Parakh asked Jul 01 '17 00:07


2 Answers

The two sets of apps are completely independent of each other.

You should not be able to see any of the Azure AD B2C apps in the Application Registration portal (ARP). The only app that may be visible is the 'b2c-extensions-app', which is a system application that B2C uses to store information about users. Likewise, the apps in the ARP portal should not be visible in the B2C portal.

Unfortunately it is not possible to have an "all-in-one" app at the moment. You should vote for the feature here.

Depending on your scenario, you could register an application in both the portals, and use the right one depending on the request you need to make.

Parakh answered Oct 07 '22 14:10


1) Currently it is not possible to use the same app registration for both Microsoft Graph API and Azure AD B2C.

a. Azure AD B2C Apps must be registered using the Azure AD B2C blade in the Azure portal.

b. Graph API applications can be registered either at https://apps.dev.microsoft.com/ or by creating an application in your Azure Active Directory tenant (but not under the Azure AD B2C blade).

2) Graph API currently does not accept tokens issued by Azure AD B2C. This means you may need a separate micro-service that will authenticate with Microsoft Graph using the ClientId / ClientSecret of your Graph API Application Registration. The instructions in the documentation will have you configure “create, read and update permissions” for your Graph API app registration. (https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet)

Saeed Akhter answered Oct 07 '22 16:10
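
The separate micro-service described in the answer above, sketched as an added example that is not code from either answer or from Microsoft's documentation: it obtains its own token with the client-credentials grant and never forwards the caller's B2C token to Graph. The v2.0 token endpoint, the `.default` scope, the `GRAPH_*` environment variable names and all function names are assumptions made for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumptions (not from the answers): Azure AD v2.0 token endpoint and the
# Microsoft Graph ".default" scope; GRAPH_* variable names are hypothetical.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
FORWARDABLE = {"accept"}  # inbound headers that may be passed on to Graph


def build_token_request(tenant, client_id, client_secret):
    """Build the client-credentials request for the Graph app registration."""
    if not all((tenant, client_id, client_secret)):
        raise ValueError("tenant, client_id and client_secret are required")
    # The secret travels in the POST body, never in the URL (URLs get logged).
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")),
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def graph_headers(service_token, inbound_headers):
    """Headers for the outbound Graph call.

    The caller's Authorization header (a B2C-issued token, which Graph does
    not accept) is dropped; only the service's own token is attached.
    """
    out = {k: v for k, v in inbound_headers.items() if k.lower() in FORWARDABLE}
    out["Authorization"] = "Bearer " + service_token
    return out


def fetch_service_token(env=os.environ):
    """Request the token over the network; credentials come from the environment."""
    req = build_token_request(env["GRAPH_TENANT"], env["GRAPH_CLIENT_ID"],
                              env["GRAPH_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

The service should still validate the inbound B2C token for the user's identity before acting; that validation is separate from the Graph credentials shown here.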