#Hi everyone, can someone give me
can you explain where the user account comes from?
like what does the login page look like? what is its domain? is it a ***.microsoft.com or ***.azure.com domain? or is it yours?
let's say the website that you visit to login ordinarily is abc.microsoft.com, where "microsoft" means anything that is a domain that you DO NOT OWN
only one of the following can be true:
- you login with ROPC aka direct authorization grant aka you post a username and password to a URL, and you get a token in exchange
- you login via a browser
everything else will fall over
in the scenario you described, as you can see with your question mark, there's no way for your backend server to authenticate aka prove the identity of the unity user without ROPC aka posting the user credentials or a login via the browser
hmm, do you think we can have a quick chat in the voice channel as I think it could be easier to explain. This whole thing is pretty confusing to me.
there's nothing you can do. you have to login with a browser
there isn't anything to discuss really
i will use the real name for these things, there's an IdP, an identity provider, which is the place where users create accounts. if that IdP belongs to microsoft or is a microsoft service, you pretty much login via a browser
there's no alternative period full stop
if you want to support deeplinks you can use UWP
isn't the ROPC flow for azure browserless? It looks like it's a POST request that carries the user's credentials with it
which user account are you referring to? The external user who's trying to use my application?
i mean the docs page for that is huge. you can see all the caveats. so for example if the IdP is configured to permit 2fa, you cannot use ROPC
that's why you just. have. to. login. with. browser
it's unavoidable
use a unity asset store asset that does this
and deploy to UWP to make it easier
the person who is trying to login
in your scenario
this part where you have "internal" users versus "external" users
those are made up words
what are you really trying to say? you can have a web api that has a service account, like any other backend application. is that what you mean by an internal user?
you can author your backend to do whatever it wants. it can decide in application code what user X can do, and then execute those commands using its own service account. it can pass the user X identity directly to an azure API and let the API decide, and not use a service account at all
if you're like, well i just wanna login with a username and password with a POST, there are a million IdPs that provide this, microsoft just isn't one of them 🙂
i know you're like well this is so obvious it must be possible
Let me just describe the flow I'm looking for if that's alright, cause this is a lot of information to unpackage.
Sounds like I want a service account. Basically, users will be able to create an account under my B2C tenant. This B2C tenant includes both the Unity and web api applications. Since I want only the web api to have authority to access resources in this tenant, I'm guessing I would need the web api to be a service account like you're saying.
Say I don't want to have 2FA. Could I technically have a user register through their browser (which will create a user under my B2C tenant), and then have them login with ROPC via my Unity application? Once they're logged in, I would pass this token to my server who will validate their token. And then say this user wants to access their inventory or some shit. The server could then use its service account credentials to fetch this information for the Unity client.
None of this is obvious so I am very thankful that you're helping me out
You don't know what you don't know so I appreciate that you're pointing out the gaps in my knowledge
i'm not sure why you are using azure ad b2c at all
it sounds like you want ordinary usernames and passwords from literally anyone else who will eliminate this pain. you can use auth0
then your backend can live and operate in azure normally
Azure AD B2C isn't suitable for video game users at all
So what does Azure AD B2C offer that I'm not seeing?
Is it the ability to integrate logins via different idps?
i think it's the Active Directory part of AD
it makes sense if you are like, making a windows enterprise IT application
you should be using playfab or something
that explicitly has unity examples
I'm gonna ask some seemingly irrelevant questions now, but please bear with me.
lol np
i mean lemme ask you this, why are you using azure at all?
it's horrible
i thought you were making an industrial application, talking about something that literally has Active Directory in its name
Because I don't want to use AWS, but I still want to learn the concepts
and then you're saying inventory, so is this an ordinary game?
alright i gotta go
lmao