Azure AD B2C PURL Functionality
We are currently working with a client in the UK and they wanted to explore the options of replacing their IAM functionality from ForgeRock to Azure. As part of our POC, one area we identified they wanted to explore was PURL functionality using Azure B2C.
In essence the client specifically wants to be able to send emails to their customers with a PURL that allows them to carry out a one-time specific function and that function only. For example, renewing their services with the client and, once complete, that session ends. The links below describe this in a little more detail.
Therefore the customer would click on the PURL in the email, renew their existing services deal and then end the function. If they needed to log back into the account they would have to go through the usual web application to do so.
The ideal backend process scenario would be:
1 – user receives via email a “magic link (PURL)” with an encrypted token pointing to azure b2c endpoint. The link or token would contain a redirect url, a specific profile and some arbitrary data
2 – on click, azure decrypts the token and checks the information associated with the profile
3 – azure b2c redirects to the destination url with a valid id_token to load the expected page (including any custom data in the claim, according to profile)
4 – destination application would be responsible for checking the arbitrary data and authorizing or declining
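The token handling behind steps 1 and 2, as an added example that is not part of the original post and not Azure B2C functionality: it mints an HMAC-signed (rather than encrypted) one-time token carrying the redirect URL, profile and arbitrary data, and on redemption checks signature, expiry, an allow-listed redirect host and single use before handing back the claims for the id_token in step 3. The key, allow-list and in-memory used-token registry are constructed for the demo.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlparse

SERVER_KEY = b"demo-key-do-not-use-in-production"   # constructed demo key, held by the IdP only
ALLOWED_REDIRECT_HOSTS = {"renewals.example.com"}   # assumed allow-list of destination apps
_used_tokens: set[str] = set()                       # one-time-use registry (in-memory for the demo)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_purl_token(redirect_url: str, profile: str, data: dict, ttl_s: int = 3600, now=None) -> str:
    """Step 1: mint a signed one-time token with redirect, profile and arbitrary data."""
    now = time.time() if now is None else now
    payload = {"jti": secrets.token_hex(16), "exp": int(now + ttl_s),
               "redirect": redirect_url, "profile": profile, "data": data}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def redeem_purl_token(token: str, now=None) -> dict:
    """Step 2: validate on click. Returns claims for the id_token (step 3) or raises ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad signature")          # tampered redirect/profile/data is rejected
    claims = json.loads(_unb64(body))
    if claims["exp"] < now:
        raise ValueError("expired")                # the link must not live forever in a mailbox
    target = urlparse(claims["redirect"])
    if target.scheme != "https" or target.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("redirect not allowed")   # prevents the link becoming an open redirect
    if claims["jti"] in _used_tokens:
        raise ValueError("token already used")     # one function, one time: second click fails
    _used_tokens.add(claims["jti"])
    return {"profile": claims["profile"], "purl_data": claims["data"], "redirect": claims["redirect"]}
```

The destination application (step 4) still decides what the `purl_data` claim authorises; the IdP side only vouches that the link is genuine, unexpired and unused.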
Our client is relatively large and hoping that Microsoft would listen to this suggestion for a future product enhancement. We have already discussed the options with Jose Rojas and hope the discussions turn into a product feature.