Solved: How to integrate Azure AD B2C Login System with Ap...

theethanator86p · 12-04-2023 10:45 AM

Hello, right now my APIs are hosted by Azure Functions, and to access them users need to login using Azure AD B2C. The JWT token obtained from B2C is passed through to the Azure Functions allowing the users to access the functions. I'm considering switching from Azure's API Management service to Apigee, however I was wondering if there was a way I could integrate B2C's login system into Apigee's developer portal, instead of the default user management system. Thank you.

dchiesa1

OK, great, thanks for all that context.

I think

Using the Apigee developer portal with APIs that are managed in Azure API Management, is probably not feasible or worth exploring. The Apigee developer portal, in particular the Apigee Integrated Developer portal (hosted by Google) is integrated with the Apigee API Management control plane and gateway, such that when a user creates an API credential (like an API key or a key/secret pair) , that data is "known" at the gateway and can be validated there. The Apigee dev portal does not create credentials that will be "known" at the Azure API Management gateway or layer. As I understand it, using the Apigee dev portal with Azure would be similar to using the Azure dev portal with Apigee. It doesn't make sense to try that.

As I understand there is an open-source option for portals for Azure API Mgmt. I don't know anything about it other than what it says on that page. That might be worth exploring.

If you want a competitive tear-down of Apigee vs Azure APIM, I suggest you go to Gartner or Forrester, or the people that create such comparisons for a living. They have good insight into the options, and work with each vendor to "get it right". It's not the case that there is one that is "better", but there are different strengths for various options. I would say, generally, first order concerns: if you are all-in on Microsoft, like Azure Functions and like the rest of the Azure ecosystem, then use Azure APIM, and find or custom-build a portal that will work for you. On the other hand if you have a heterogeneous set of APIs to manage (not only on Azure), you want the advanced security (AI models applied to API traffic to discern threats or vulnerabilities), if you want a hub to manage APIs across their lifecycle from conception through design through deployment, if you like the Google IAM model.... Then Apigee API Management is probably a better choice. If you want Monetization, I think Apigee is probably the strongest choice, too. If you believe in the AI-as-applied-to-APIM roadmap that the Google/Apigee team has articulated, then again, worth looking at Apigee. If you want hybrid cloud deployment options, again Apigee. (I don't know if Azure APIM has such options). If you're not committed to Azure Functions but you like the serverless/cloud functions model, then maybe it's worth looking at Google Cloud Functions and Apigee.

Lots of people have simple requirements: "I want developers to signin to a portal with OpenID Connect, I want to enable them to create a credential, then I want the gateway to validate that credential or token"... that's pretty easy and every APIM system is going to be able to do that, including Apigee and Azure APIM. I would not say "Apigee is more user friendly" - I think that depends on the user and the particular experience.

I think the real reasons you might want to use Apigee are probably among those given above.

View solution in original post

dchiesa1

Hi,

Over the past few days, I noticed you have been asking a variety questions regarding Apigee + Azure. I think, in a reply to one of those prior quetions, I asked you "what is your goal?" Meaning , what business problem are you trying to solve? Why are you spending time and money in exploration of this particular problem? and I don't believe you gave a material response to that question

"How might I attach a carrot to a baseball hat?" might be a question that uncovers interesting technical challenges, or questions around epistemics or aesthetics. But supposing I am not principally interested in the particular technical challenges raised by that question, and I don't lean toward volunteering my time and attention to explore the philosophical issues, if you asked me that question, I might ask in response, "why do you want to explore the possibilities of attaching a carrot to a baseball hat?" There might be different answers to your original question, depending on the answer to the latter one.

Same thing here.

Are you working from a set of requirements, and can you articulate the relevant ones? Are there some obstacles you are facing that you're trying to address?

Maybe you could share some additional context.

theethanator86p

Hi,

Sure, I can give a more concrete response with more context. I'm sorry for the lack of clarification in my initial post!

Currently we're trying to have a good developer portal. Although Azure API Management service provides us with a developer portal at higher pricing tiers, we wanted to consider other options. Ultimately we're looking into features such as API Management, analytics for each API, and assigning consumers to various APIs while also preventing outside access to others.

Ultimately we want a scalable and secure API management service to make sure that when customers access our APIs, their information will be secure. I've been looking into Apigee lately and it appears very similar to API Management service however from my experience it's been a little more user-friendly. I'm trying to create a proof of concept using an Apigee proxy with and Azure Function and I've gotten quite far, however I've been trying to integrate B2C and I haven't quite been able to figure it out.

I'm also wondering if migrating over to Google Apigee would be worth it, does Google Apigee have any features that Azure API Management service does not have? If the two services are similar, then I was thinking that we could just stick with Azure APIM rather than making all of our Azure Function APIs work with another system.

dchiesa1

OK, great, thanks for all that context.

I think

Using the Apigee developer portal with APIs that are managed in Azure API Management, is probably not feasible or worth exploring. The Apigee developer portal, in particular the Apigee Integrated Developer portal (hosted by Google) is integrated with the Apigee API Management control plane and gateway, such that when a user creates an API credential (like an API key or a key/secret pair) , that data is "known" at the gateway and can be validated there. The Apigee dev portal does not create credentials that will be "known" at the Azure API Management gateway or layer. As I understand it, using the Apigee dev portal with Azure would be similar to using the Azure dev portal with Apigee. It doesn't make sense to try that.

As I understand there is an open-source option for portals for Azure API Mgmt. I don't know anything about it other than what it says on that page. That might be worth exploring.

If you want a competitive tear-down of Apigee vs Azure APIM, I suggest you go to Gartner or Forrester, or the people that create such comparisons for a living. They have good insight into the options, and work with each vendor to "get it right". It's not the case that there is one that is "better", but there are different strengths for various options. I would say, generally, first order concerns: if you are all-in on Microsoft, like Azure Functions and like the rest of the Azure ecosystem, then use Azure APIM, and find or custom-build a portal that will work for you. On the other hand if you have a heterogeneous set of APIs to manage (not only on Azure), you want the advanced security (AI models applied to API traffic to discern threats or vulnerabilities), if you want a hub to manage APIs across their lifecycle from conception through design through deployment, if you like the Google IAM model.... Then Apigee API Management is probably a better choice. If you want Monetization, I think Apigee is probably the strongest choice, too. If you believe in the AI-as-applied-to-APIM roadmap that the Google/Apigee team has articulated, then again, worth looking at Apigee. If you want hybrid cloud deployment options, again Apigee. (I don't know if Azure APIM has such options). If you're not committed to Azure Functions but you like the serverless/cloud functions model, then maybe it's worth looking at Google Cloud Functions and Apigee.

Lots of people have simple requirements: "I want developers to signin to a portal with OpenID Connect, I want to enable them to create a credential, then I want the gateway to validate that credential or token"... that's pretty easy and every APIM system is going to be able to do that, including Apigee and Azure APIM. I would not say "Apigee is more user friendly" - I think that depends on the user and the particular experience.

I think the real reasons you might want to use Apigee are probably among those given above.

theethanator86p

Thank you for your response, all of it was very thorough and informative! I think for now I'll stick with Azure API Management.

How to integrate Azure AD B2C Login System with Apigee Developer Portal?