Joomla OAuth Client Integration with Azure AD B2C

Overview

The Joomla OAuth Client plugin uses the OAuth protocol to provide secure access to Joomla sites by enabling Azure AD B2C as the OAuth provider, simplifying the login process. This integration allows users to log in with their Azure AD B2C credentials, eliminating the need for multiple passwords. The plugin also features user profile attribute mapping, role mapping, and Azure multi-tenant login for access based on organizational roles. For more details about the features of the Joomla OAuth & OpenID Connect Client plugin, please visit our page here. Follow the steps below to set up Azure AD B2C OAuth SSO with Joomla.

Configuration Steps

In this configuration, Azure AD B2C functions as the OAuth server, while Joomla allows users to log in with their Azure AD B2C credentials by utilizing the Joomla OAuth Client Plugin.

Step 2: Configure Azure AD B2C as OAuth Server

• Log into the Azure Dashboard.
• Click on Azure AD B2C under Azure services.

• Please make sure you are in the Azure AD B2C directory with an active subscription and if not, you can switch to the correct directory.

• In the Essentials tab, you will find the Azure B2C domain name, keep it handy, you will need it later for configuring the Azure B2C tenant name under Joomla as an OAuth client.

• Now, click on App registrations and then click on the New registration option to create a new Azure B2C application.

• Configure the following options to create a new application:
• Enter a name for your application under the Name text field.
• In supported account types, select 3rd option ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
• In the Redirect URI section, select the Web application and enter the Callback URL from the miniOrange OAuth Client plugin (Configure OAuth tab) and save it under the Redirect URL textbox.
• Click on the Register button to create your application.

Step 3: Configure Client ID & Secret

• Now go to the Overview tab of your registered application. Here, copy the Application ID and the Directory ID, this will be your Client ID and Tenant ID respectively.

• Go to Certificates and Secrets from the left navigation pane and click on New Client Secret. Enter description and expiration time and click on Add option.

• Copy the secret value from certificates & secrets page and keep it handy, you will need it later for configuring the Client Secret under Joomla as an OAuth Client plugin.

• Go back to your Joomla Dashboard. Then go to Step 2 [Client ID & Secret].
• Paste the Client ID, Client Secret and Domain. Also Set Client Credentials In header then click on Save Settings. Once Settings are saved then click on Save Configuration.

• If you want to Enable Scopes, you can follow the following steps:
• Go to Application -> Select the application where you want to enable scopes. Now, Go to the API Permissions tab.



• Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions and select openid, Profile scope and click on the Add Permissions button.



• Click on the Grant admin consent for Default Directory button.

Scope	Openid email Profile
Authorize Endpoint	https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize
Access Token Endpoint	https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token
Get User Info Endpoint	https://graph.microsoft.com/v1.0/me
Set Client Credentials	In Both (In Header and In Body)