[Feature Request] On-Behalf-Of (OBO) flow for Entra ID for Customers

Open drewid opened this issue 1 year ago • 2 comments

Describe the solution you'd like: On-Behalf-Of capabilities so that Microsoft Graph and Downstream APIs can leverage the authentication by users logging in to an Entra ID for Customers enabled tenant. This capability makes Entra ID for Customers an attractive proposition. Is this roadmapped for Entra ID for Customers?

Describe alternatives you've considered: Logging in with the customer and then just using the userid as a filter is really a poor, suboptimal method, but it is all there is currently.

Additional context: I really, really want to use Entra ID for Customers for high scale public apps and this is really critical for Entra ID for Customers to be useful. The whole point of Entra ID for Customers is making it a central identity auth for your app's usage. With it, the opportunity is endless. Without it, I come back to previous online posts from 3 years ago where I realize I was already asking related questions.

An On-Behalf-Of (OBO) flow for customer login is/was arguably the most important feature for making Azure AD B2C be useful and grow. Without it, it's like having a car that can only make left turns or second gear. Can't really see a pressing need tbh for AD B2C or Entra ID for Customers without the capability.

drewid, Feb 01 '24 22:02

Basically with AD B2C and Entra ID for Customers, you can log in with Microsoft Identity, but so what? What can actually be done with it? That login can't be leveraged to actually do anything (with a data store, with Graph, with an API).

I'm actually curious to hear how anyone has actually used it for anything?

It is really frustrating and depressing, as I was planning on making this a cornerstone of future development plans and architecture, but it is now dead in the water.

drewid, Feb 01 '24 22:02

I'm surprised this hasn't had any replies at all. Maybe people with similar problems use another Identity provider like Duende or Auth0/Okta? I did see this https://learn.microsoft.com/en-us/answers/questions/1463306/is-on-behalf-of-(obo)-flow-supported-by-entra-exte

normandev92, Jun 27 '24 11:06