How to Create User in Azure AD B2C by using Microsoft Graph and Java

Wei He
4 min read · Dec 30, 2021

Azure Active Directory (AD) B2C is a useful user identity provider that supports the user registration, authentication and authorization flows of your applications. For a web app, the registration page can be rendered by Azure AD B2C, and visitors register themselves there into your app. Sometimes, however, your app needs to generate one-time users who should not have to register themselves manually. In that case you need to create the users programmatically in Azure AD B2C. Let me show you how I did it in Spring Boot/Java 11.

First, of course, I created an Azure AD B2C. I pseudonymized the name here to “xyz”.

Secondly, I clicked “Open B2C Tenant” to configure it in detail. I registered an app by clicking on the “App registrations”:

I named it “abc”:

Please note that the Application (client) ID is generated automatically by Azure, and the “Application ID URI” is therefore “https://xyz.onmicrosoft.com/<application (client) ID>”, where “xyz” is the AD B2C name I created in the first step.

Thirdly, I added the API permissions by clicking on “API permissions” in the menu on the left side:

Then clicked on “Add a permission”,

in order to add a “Microsoft Graph” API:

I selected “Application permissions” because the API would be called by my program instead of any real user.

In the permission list, I selected “User.ReadWrite.All” to allow the creation of the users.

Fourthly, after the newly added permission appeared in the permission list, I granted the admin consent:

Fifthly, I created a client secret:

OK, then I completed the configuration part on Azure AD B2C.

To call the API, I created my Java class in a Spring Boot project to create a user based on the Microsoft Azure Java example: Create User — Microsoft Graph v1.0 | Microsoft Docs

The following code is my pom.xml:

The service class:

After running it by using a controller trigger, I eventually got the user created on Azure AD B2C. I checked it on the Azure Admin Console:
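The call that the five configuration steps above prepare, written out as an added example (this is not the article's pom.xml or service class, which are not reproduced here): an app-only token is obtained with MSAL4J's client-credentials flow against the tenant and app registered above, then a B2C local account is created with a Graph POST /users. The tenant name “xyz”, the package name, the environment variable names, and the use of MSAL4J, Jackson and Java 11's HttpClient are assumptions; the account shape (an `identities` entry with `signInType` `emailAddress`) is the one Microsoft Graph documents for B2C local accounts.

```java
package com.example.b2c; // assumed package; not the article's repository layout

import com.fasterxml.jackson.databind.ObjectMapper;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class B2cUserService {

    // Tenant name as pseudonymized in the article; replace with your own B2C tenant.
    private static final String TENANT = "xyz.onmicrosoft.com";
    // App-only tokens for a B2C tenant come from the regular Azure AD authority, not the b2clogin.com policy endpoints.
    private static final String AUTHORITY = "https://login.microsoftonline.com/" + TENANT + "/";
    // "/.default" requests every application permission granted to the app (here User.ReadWrite.All).
    private static final String GRAPH_SCOPE = "https://graph.microsoft.com/.default";
    private static final String GRAPH_USERS = "https://graph.microsoft.com/v1.0/users";

    private final ConfidentialClientApplication app;
    private final HttpClient http = HttpClient.newHttpClient();
    private final ObjectMapper json = new ObjectMapper();
    private final SecureRandom random = new SecureRandom();

    public B2cUserService(String clientId, String clientSecret) throws Exception {
        // The client secret created in the portal: keep it out of source control and out of logs.
        this.app = ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(clientSecret))
                .authority(AUTHORITY)
                .build();
    }

    /** Client-credentials flow: no signed-in user, which is why Application permissions were selected. */
    String acquireAppToken() {
        ClientCredentialParameters params =
                ClientCredentialParameters.builder(Collections.singleton(GRAPH_SCOPE)).build();
        return app.acquireToken(params).join().accessToken();
    }

    /** Creates a B2C local account that signs in with the given email address and returns its object id. */
    public String createLocalAccount(String displayName, String email) throws Exception {
        Map<String, Object> user = Map.of(
                "accountEnabled", true,
                "displayName", displayName,
                // B2C local accounts are keyed by an identity, not by a hand-built userPrincipalName (see reference [4]).
                "identities", List.of(Map.of(
                        "signInType", "emailAddress",
                        "issuer", TENANT,
                        "issuerAssignedId", email)),
                "passwordProfile", Map.of(
                        "password", generateInitialPassword(),
                        "forceChangePasswordNextSignIn", false),
                "passwordPolicies", "DisablePasswordExpiration");

        HttpRequest request = HttpRequest.newBuilder(URI.create(GRAPH_USERS))
                .header("Authorization", "Bearer " + acquireAppToken())
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(json.writeValueAsString(user)))
                .build();
        HttpResponse<String> response = http.send(request, HttpResponse.BodyHandlers.ofString());

        if (response.statusCode() != 201) {
            // 401 InvalidAuthenticationToken usually means a wrong authority or scope (reference [2]);
            // 403 "Insufficient privileges" means the permission was added but admin consent was not granted (reference [3]).
            throw new IllegalStateException("Graph POST /users failed with HTTP "
                    + response.statusCode() + ": " + response.body());
        }
        return json.readTree(response.body()).get("id").asText();
    }

    /** Random initial password that satisfies B2C's complexity rule of at least three character classes. */
    String generateInitialPassword() {
        String[] classes = {"ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnopqrstuvwxyz", "23456789", "!@#$%^&*"};
        StringBuilder sb = new StringBuilder();
        for (String cls : classes) {                 // guarantee one character from each class
            sb.append(cls.charAt(random.nextInt(cls.length())));
        }
        String all = String.join("", classes);
        while (sb.length() < 24) {                   // fill up to 24 characters from the full alphabet
            sb.append(all.charAt(random.nextInt(all.length())));
        }
        return sb.toString();
    }

    // Stand-in for the controller trigger: credentials come from the environment, never from the code.
    public static void main(String[] args) throws Exception {
        B2cUserService service = new B2cUserService(
                System.getenv("B2C_CLIENT_ID"), System.getenv("B2C_CLIENT_SECRET")); // assumed variable names
        System.out.println("created user id: " + service.createLocalAccount("One-Time User", "onetime@example.com"));
    }
}
```

The token request uses `/.default`, so the app receives exactly the application permissions that were granted admin consent, here `User.ReadWrite.All`; if the consent step was skipped, the token is issued but Graph answers 403, which is the “Insufficient privileges” case from the references. A non-201 response is surfaced with its body so the Graph error code can be read, and the generated password is never logged.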

It was not very easy for me to find a complete tutorial on Google for this process from head to toe, especially because Java is not a first-class citizen on Azure, so I have written it down here for you and for me. I hope it is helpful for us.

The complete code example can be found in the GitHub repository.

References:

The following articles solved my problems during the programming:

[1] https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-acquire-token?tabs=dotnet

[2] https://docs.microsoft.com/en-us/answers/questions/491919/34code3434invalidauthenticationtoken3434message343.html

[3] https://docs.microsoft.com/en-us/answers/questions/197819/34insufficient-privileges-to-complete-the-operatio.html

[4] https://social.msdn.microsoft.com/Forums/en-US/438bf45c-8869-4ac4-b91a-cb0330a4ff29/userprinciplename-is-invalid?forum=WindowsAzureAD


Wei He

10 years software architect who likes designing and programming with Java and Angular, who can lead, participate and follow, who is always listening and open