rbrayb rbrayb
@rbrayb
rbrayb / Program.cs
Created April 5, 2025 23:43
Validating the ID and Access JWT signature in Entra External ID
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json.Linq;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Text;
class Program
{
// https://xsreality.medium.com/making-azure-ad-oidc-compliant-5734b70c43ff
rbrayb / ciamHelper.cs
Created March 31, 2025 02:52
Using Azure AD B2C custom policies to implement Profile Edit on Entra External ID with Native auth
if (method == "auth")
{
Console.WriteLine("\n" + "Authenticating user");
using (var httpClient = new HttpClient())
{
// Add Host header
httpClient.DefaultRequestHeaders.Host = "externaltenant.ciamlogin.com";
// Step 1: Initiate
rbrayb / B2C_1A_Extension_OrchestrateToCiam_PE.xml
Created March 30, 2025 22:24
Using Azure AD B2C custom policies to implement Profile Edit on Entra External ID
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_OrchestrateToCiamV2_PE"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_OrchestrateToCiamV2_PE"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
rbrayb / ExternalIDSigninSAML.xml
Created March 9, 2025 01:29
Connecting Entra External ID as an SP to Azure AD B2C via SAML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_ExternalIDSigninSAML" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_ExternalIDSigninSAML" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensionsSAMLMeta</PolicyId>
</BasePolicy>
rbrayb / Extensions_TOTPSMS.xml
Last active March 5, 2025 23:23
Calling Graph API from inside an Azure AD B2C custom policy
<!-- For access token -->
<TechnicalProfile Id="REST-AcquireAccessTokenForGraph">
<DisplayName>Acquire Token</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl">https://login.microsoftonline.com/tenant.onmicrosoft.com/oauth2/v2.0/token</Item>
<Item Key="AuthenticationType">Basic</Item>
<Item Key="SendClaimsIn">Form</Item>
</Metadata>
rbrayb / Extensions_TOTPSMS.xml
Created March 4, 2025 02:04
Integrating both SMS and TOTP MFA in a single custom policy in Azure AD B2C
<?xml version="1.0" encoding="utf-8"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_Extensions_TOTPSMS"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Extensions_TOTPSMS">
<!-- FYI
https://cloudfirstapproach.com/integrate-sms-and-totp-in-azure-ad-b2c-custom-policy/?form=MG0AV3
rbrayb / B2C_1A_Extension_OrchestrateToCiam.xml
Last active October 2, 2024 02:14
Using Azure AD B2C custom policies with Entra External ID
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_OrchestrateToCiamV2" PublicPolicyUri="http://tenant.onmicrosoft.com/" TenantObjectId="tenant.onmicrosoft.com"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
>
<!--
Please modify policyId to save the policy.
rbrayb / SignUpOrSignin_Kinde.xml
Created September 24, 2024 00:24
Connecting Azure AD B2C to Kinde via OIDC
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin_Kinde" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_signup_signin_Kinde" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions_DC</PolicyId>
</BasePolicy>
rbrayb / MailDebug.cs
Created September 6, 2024 03:09
Using a fake email server to validate OTP codes in Azure AD B2C
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using System;
using System.Net;
using System.Net.Mail;
using System.Threading.Tasks;
rbrayb / SignUpOrSignIn_Create_TOTP.xml
Last active January 30, 2025 20:56
Using the TOTP MFA method in Azure AD B2C with an authenticator application
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_Demo_SignUp_SignIn_Create_TOTP"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Demo_SignUp_SignIn_Create_TOTP">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_Demo_TrustFrameworkExtensions_Create_TOTP</PolicyId>
</BasePolicy>