I have the idea to develop an application that allows developers and website administrators to view and edit Azure B2C custom properties and extension attributes for a while now. Viewing these properties is not an option in the Azure B2C portal and the only other way to view these properties associated to a user would be to either write your own app or go through a tedious OAuth 2 process to view the data in Postman or some other REST process. I see this as an opportunity to develop something that provides value to administrators of Azure B2C user stores.
Since having this idea I've driven myself mad trying to decide what type of application I was going to build and deploy. It first started out by creating a full website, then a Razor Class Library and now I made the decision to release it as a full on SaaS app. Initially I thought of the developers first, I wanted to create something that would allow a developer to drop the package into their solution and get up and going. But when I started to implement that solution I ran into specific set up steps that require little updates all over the place and it became more complicated than I wanted it to be. Then I went with a fully compiled website that anyone could drop into their environment and get moving. I backed off that idea quickly after realizing you would need to have an entire team set this up; you'd need to have a server set up, then domain routing and not to mention there was no security around the thing.
So, I've finally landed on creating a SaaS app. My only hesitation with a SaaS app was that I require the user to enter a client id and client secret into my application. My application then uses those credentials to authenticate with Azure B2C using the client credentials OAuth 2 flow. I made the executive decision to try it out and see what users preferences were. Essentially, get this out the door and see if people kick back the idea of storing these credentials in my environment - technically these will be saved in Azure Key Vault, not my environment. But handing over keys that can access the Azure B2C users store is not something I think anyone will take lightly. Therefore, I am making sure to follow all the best security practices in my app so that if the site were ever compromised the client credentials would remain as safe as possible.
I'm about two weeks away from launching the full SaaS app that I have been working on. Depending on my client workload. There are a few items left on the roadmap that I need to configure before I can deploy. The items are as follows:
- Finalize self service of subscription management via Stripe API for .Net
- Store and retrieve client id, client secret and b2c app id in Azure Key Vault
- Ability to add other users to your organization/subscription
Now that I think about it, I'm going to do a little soft launch/beta to test how the site is flowing and functioning before doing an all out push. If you are reading this and want to be a tester, drop me an email at clint@parkasoftware.com and I will get you sign up for free.
So close! I'm really excited to see this product launched and in the wild!