microsoftgraph / msgraph-sample-rubyrailsapp

This sample demonstrates how to use the Microsoft Graph REST API to access data in Office 365 from Ruby on Rails apps.


Applications breaks for Azure B2C user

VedaRamaiah opened this issue · comments

I followed all the steps as mentioned in the readme and looks like this is applicable for non B2C tenants. Correct me if I am wrong!

What's the best way to tweak this to make it work for a B2C user?

I tried registering another application in the portal and used that as one of the scopes, and I was able to get the access_token. But I am not able to call the /me endpoint as mentioned in microsoft_auth.rb: @raw_info ||= access_token.get('https://graph.microsoft.com/v1.0/me').parsed. I am getting an InvalidAuthenticationToken error. So I tried calling the /users endpoint, @raw_info ||= access_token.get('https://graph.microsoft.com/.default').parsed, still no luck.

I tried in Postman to get the access_token by passing the code; I am having the same issue when I use the access_token generated from Postman to access those endpoints.

It will be really helpful if you can suggest how to move forward.

B2C users cannot call Microsoft Graph. Usage of Microsoft Graph is very limited in B2C tenants. Basically only admins in B2C can use Graph, and only to manage users, policies, and sign-ins. See https://docs.microsoft.com/azure/active-directory-b2c/microsoft-graph-operations and https://docs.microsoft.com/azure/active-directory-b2c/microsoft-graph-get-started

So yes, if you're logging in as a B2C user, this won't work.

@jasonjoh
Thanks Jason for looking into it. I have a couple of questions and I'm pretty confused here.

In this case, I will not be able to use "omniauth-oauth2" for handling sign-in and OAuth token flows, right?
As per https://docs.microsoft.com/azure/active-directory-b2c/microsoft-graph-get-started , I have to use the client credentials grant flow to get an access token.

Am I supposed to register another backend application to use client credentials? This is where I am confused. I understand this can be done if an application is an SPA like Angular and uses another application for the backend. But the Ruby on Rails architecture comes with both front end and backend as a full stack. How can we use client credentials for a single application registered on Azure B2C?

Is there any gem I can use in my ROR project to integrate with B2C, or what modifications have to be made in the OmniAuth Strategy to achieve this?
Any help is much appreciated.

AFAIK omniauth doesn't do client credentials flow. I don't know of any Ruby gem that does, but that's just because I haven't researched it. There likely are gems out there that do it.

For client credentials flow you only need a single app registration, as it is headless and needs no interaction. It will need an admin to consent, which they can do in the Azure portal.

If you want to have a web front-end that a user signs into to drive this process, then you would need a separate app registration for that, assuming you want to sign in using Microsoft identity platform.
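The headless flow Jason describes, written out in plain Ruby as an added example (this is not code from the sample repo or from the reply): the app authenticates as itself against the v2.0 token endpoint with the `.default` scope for Graph, then calls `/users` with the bearer token. The tenant, client id and client secret are placeholders you must replace with your own registration's values.

```ruby
# Added example: app-only (client credentials) access to Microsoft Graph.
# Assumes a single app registration that an admin has already consented to.
require 'net/http'
require 'uri'
require 'json'

TOKEN_HOST  = 'https://login.microsoftonline.com'.freeze
# This is a scope value sent in the token request, not a URL to GET.
GRAPH_SCOPE = 'https://graph.microsoft.com/.default'.freeze

# Form body for the v2.0 token endpoint. No user is involved: the client
# proves its own identity with the secret, which is why consent is granted
# by an admin up front rather than at sign-in time.
def token_request(tenant, client_id, client_secret)
  uri  = URI("#{TOKEN_HOST}/#{tenant}/oauth2/v2.0/token")
  body = { 'client_id' => client_id, 'client_secret' => client_secret,
           'scope' => GRAPH_SCOPE, 'grant_type' => 'client_credentials' }
  [uri, body]
end

# Pull the bearer token out of the endpoint's JSON reply; fail on an error
# payload instead of forwarding a missing or wrong-type token to Graph.
def access_token_from(json_body)
  data = JSON.parse(json_body)
  raise "token error: #{data['error']}: #{data['error_description']}" if data['error']
  raise 'unexpected token_type' unless data['token_type'] == 'Bearer'
  data['access_token']
end

# Build an authenticated Graph request. An app-only token carries no
# signed-in user, so /me has no meaning here; list users via /users.
def graph_request(path, token)
  req = Net::HTTP::Get.new(URI("https://graph.microsoft.com/v1.0#{path}"))
  req['Authorization'] = "Bearer #{token}"
  req['Accept'] = 'application/json'
  req
end

# End-to-end: get a token, then page through the first batch of users.
def fetch_users(tenant, client_id, client_secret)
  uri, body = token_request(tenant, client_id, client_secret)
  token = access_token_from(Net::HTTP.post_form(uri, body).body)
  req = graph_request('/users?$select=id,displayName', token)
  res = Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |h| h.request(req) }
  JSON.parse(res.body)
end

# Placeholders (constructed), e.g. TENANT = 'contoso.onmicrosoft.com'
# puts fetch_users(TENANT, CLIENT_ID, CLIENT_SECRET)['value'] if __FILE__ == $0
```

Keep the client secret out of the repository (Rails credentials or an environment variable); the token is short-lived and should be cached rather than requested per call.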

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.