We built a quick and dirty console application for managing users, groups, and IEF policies in an Azure AD B2C Graph directory tenant.
The B2C CLI is a console application initially designed to create test users and perform basic operations for users and groups in an Azure AD B2C tenant. The README file contains all relevant info for configuration and setup, so be sure to read it.
The command line has the following options:
- Users: create, delete, list
- Groups: create, delete, list, add user to group
- IEF: validate policy files against schema, compile, publish, 'compublish' (compile + publish put together)
Introducing: IEF Commands
After we received some questions about Azure AD B2C custom policies, we looked further into extending the B2C tooling. That analysis uncovered a wealth of info, and the feature updates to this tool are the result of the several shortfalls we encountered.
One of the first things we noticed is that the tooling... isn't that great.
Let's start with the Azure AD B2C VSCode Extension. For starters, VSCode handles XML a little worse than Visual Studio ever did (with the exception of the BizTalk tooling, which stands as my favorite to this day). I'm not sure if this extension is supposed to make it better or worse, but the documentation purports to help support autocompletion, which in my experience doesn't work at all. It's also supposed to help compile policy files into different folders with values in them from a config file (think Dev, Prod, etc.). After a couple of compilations, this blows up and stops working altogether.
The Woodgrove Groceries B2C Demo is a fantastic solution to look at for a B2C application implementation. The solution is well-organized and contains a PowerShell script for uploading policies, which is functional but repetitive.
After reviewing these and other options, we decided that a lot of functionality was either scattered across the web or not offered, so the tool now includes several critical features for building, verifying, compiling and publishing policy files to a tenant:
- Schema Validation. Validate policy files against the Identity Framework schema, which you can get from the B2C Policy Starter Pack.
- Policy Compilation. Compile policies for one or more environments (dev, test, prod) using the `b2c.json` configuration file. Details for setup can be found in the README, but the idea is simple: put `{Settings:<YourKey>}` in all places where you need config values injected.
- Policy Publishing. This command reads all policy files, determines the publish order based on inheritance, and publishes them into the specified environment in the required order. Effort went into pretty-printing the ugly error results given by the tenant if there are any issues with the policy files themselves.
- A 'compublish' option. This is merely the combination of compiling and publishing to the specified environment. Anything to save a step or two!
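The compile and publish-order steps from the list above, as an added Python sketch (not the B2C CLI's own code). The settings dictionary stands in for one environment's values from `b2c.json`, whose real layout is in the README; the function names and sample tenant are assumptions, and the sample policies are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS_URI = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
TOKEN = re.compile(r"\{Settings:([^}]+)\}")

def compile_policy(template, settings):
    """Inject settings; fail closed if any {Settings:<key>} has no value."""
    missing = sorted({k for k in TOKEN.findall(template) if k not in settings})
    if missing:
        raise KeyError(f"no value configured for: {missing}")
    return TOKEN.sub(lambda m: settings[m.group(1)], template)

def policy_ids(xml_text):
    """Return (PolicyId, base PolicyId or None) for one policy file."""
    root = ET.fromstring(xml_text)
    base = root.find("tf:BasePolicy/tf:PolicyId", {"tf": NS_URI})
    return root.attrib["PolicyId"], (base.text.strip() if base is not None else None)

def publish_order(policies):
    """Order policy ids so that every base is uploaded before its children."""
    parents = dict(policy_ids(p) for p in policies)
    order, visiting = [], set()
    def visit(pid):
        if pid in order:
            return
        if pid in visiting:
            raise ValueError(f"inheritance cycle at {pid}")
        if pid not in parents:
            raise ValueError(f"base policy {pid} is not in the policy set")
        visiting.add(pid)
        if parents[pid] is not None:
            visit(parents[pid])
        order.append(pid)
    for pid in sorted(parents):
        visit(pid)
    return order

def sample(pid, base=None):  # constructed policy template, reduced to what is used here
    inherit = f"<BasePolicy><PolicyId>{base}</PolicyId></BasePolicy>" if base else ""
    return (f'<TrustFrameworkPolicy xmlns="{NS_URI}" PolicyId="{pid}" '
            f'TenantId="{{Settings:Tenant}}">{inherit}</TrustFrameworkPolicy>')

if __name__ == "__main__":
    dev = {"Tenant": "contoso-dev.onmicrosoft.com"}  # assumed b2c.json values
    files = [sample("B2C_1A_signup_signin", "B2C_1A_TrustFrameworkExtensions"),
             sample("B2C_1A_TrustFrameworkExtensions", "B2C_1A_TrustFrameworkBase"),
             sample("B2C_1A_TrustFrameworkBase")]
    print(publish_order([compile_policy(f, dev) for f in files]))
```

Failing on an unresolved key keeps a policy with a literal `{Settings:...}` token, or one missing its base, from reaching the tenant.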
More commands enter the tooling over time as our own projects mature. We'll publish articles outlining a faster track on getting started with IEF once some milestones are reached on our end.
Enjoy!
Looking for help building Azure AD B2C policies or integrating your web application with Azure AD B2C? Contact us for a quote - not only is it free, but we can help you find what you're looking for at a better price than most consulting firms!