Authenticating users through Azure AD B2C with React Native - ASP.NET Core Web API

I'm pretty new to mobile app development, with some experience regarding ASP.NET Core. In the past, I've used Firebase's Authentication module for its simplicity, but until now there hasn't been a case where I had to design and develop the authentication completely from scratch, especially not in mobile apps. Yesterday I spent all day googling and reading documentation, just to find myself with even more questions than I had before...

The main idea is to create a cross-platform mobile app with:

  • React Native (Expo managed workflow)
  • ASP.NET Core 3.1 Web API with protected endpoints through validation of a JWT token in the request header
  • Identity Server: Azure AD B2C
  • Authorization Code flow with PKCE, as recommended by various docs

Yesterday I started looking at the AuthSession API of Expo (https://docs.expo.dev/versions/latest/sdk/auth-session), with which I managed to get an access token from the Azure AD B2C server after logging in with an existing user through the mobile app. This is all done through a web browser popping up when a user clicks 'Sign In' in the mobile app.

This made me think however: how do I implement the validation of this JWT token which comes from the Azure AD B2C server in the Web API? Many guides & tutorials regarding this topic simply configure a JWT key in the appsettings and use this key to both generate the JWT token and validate it afterwards. Is this where claims might come in handy?

I honestly feel a bit lost, as the possibilities seem endless on one hand (hence the 50+ tabs currently open in my browser), but on the other I find it a bit suspicious not to find any decent example of my use case, which makes me think I'm doing something completely wrong or overly complex. All I'm basically looking for is a clean and secure solution to authenticate users with my current app setup, without having to reinvent the wheel all over again. So far I've probably looked at every single library/nuget package/stackoverflow post out there...

Any guidance towards the usage of 1 or more specific libraries/guides/packages would therefore be greatly appreciated!

Solution 1:[1]

Have you looked at the B2C MSAL samples?

In terms of validating the JWT, there are many samples here. Also B2C.
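The question asks how the Web API validates a token it never issued, since the "shared key in appsettings" tutorials only cover the case where the API both signs and verifies the JWT. With Azure AD B2C there is no shared secret: B2C signs tokens with its own private key and publishes the matching public keys (JWKS) in the OpenID Connect discovery document of each user flow (policy). The standard `Microsoft.AspNetCore.Authentication.JwtBearer` handler fetches those keys from the configured `Authority` and checks signature, issuer, audience and lifetime for you. The following ASP.NET Core 3.1 `Startup` is an added example written for this answer, not code from the original post, from rbrayb, or from the MSAL samples; the tenant name `contoso`, policy `B2C_1_signupsignin`, scope `api.read`, client id and `AzureAdB2C` configuration section are placeholder assumptions.

```csharp
// Startup.cs (ASP.NET Core 3.1). Added example; assumes NuGet package
// Microsoft.AspNetCore.Authentication.JwtBearer 3.1.x is referenced.
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Hypothetical appsettings.json section (placeholder values):
        // "AzureAdB2C": {
        //   "Tenant":   "contoso",             // contoso.b2clogin.com / contoso.onmicrosoft.com
        //   "Policy":   "B2C_1_signupsignin",  // the user flow the mobile app signs in with
        //   "ClientId": "00000000-0000-0000-0000-000000000000" // app registration of THIS API
        // }
        var tenant = _config["AzureAdB2C:Tenant"];
        var policy = _config["AzureAdB2C:Policy"];
        var apiClientId = _config["AzureAdB2C:ClientId"];

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Discovery document lives under the policy-specific authority; the
                // handler reads it, downloads the JWKS and handles key rotation itself.
                options.Authority =
                    $"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0";
                // The token must be minted FOR this API (aud claim), not for the mobile client.
                options.Audience = apiClientId;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,           // issuer taken from the discovery document
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.FromMinutes(2),
                    NameClaimType = "name",          // B2C's display-name claim
                };
            });

        services.AddAuthorization(options =>
        {
            // B2C puts granted scopes in a space-separated "scp" claim, so an exact
            // RequireClaim("scp", "api.read") would fail once a second scope is granted.
            options.AddPolicy("ReadAccess", p => p.RequireAssertion(ctx =>
                ctx.User.FindAll("scp")
                   .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                   .Contains("api.read")));
        });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseRouting();
        app.UseAuthentication();   // validates the bearer token on every request
        app.UseAuthorization();    // enforces [Authorize] and named policies
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    [HttpGet]
    [Authorize(Policy = "ReadAccess")]
    public IActionResult Get()
    {
        // The JWT handler maps the token's "sub" claim to ClaimTypes.NameIdentifier
        // by default; this is the stable B2C user id to key your own data on.
        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        return Ok(new { userId, name = User.Identity?.Name });
    }
}
```

Two caveats that trip people up with this setup. First, the access token Expo's AuthSession gets back only carries the API as its audience if the mobile app requested a scope exposed by the API's app registration (for example `https://contoso.onmicrosoft.com/api/api.read` in this example's placeholder names); with only `openid`/`offline_access` you get an ID token and no usable access token, and the API correctly returns 401. Second, each B2C user flow has its own issuer and signing-key endpoint, so the `Authority` must name the same policy the app signs in with, otherwise issuer validation fails. Claims, which the question asks about, come in only after validation: the validated token's claims become `User` in the controller, and authorization policies reason over them.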

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
[1] Solution 1: rbrayb