What is the easiest way to authorize access to a static html with azure AD B2C?

Question

I have a collection of static html files, I would like to share with clients signed into my Azure AD B2C.

What would be the best method of doing so?

Ideally, the solution could also read certain claims from the token and decide which html files the client is authorized to access. My Azure AD B2C is configured in a way, where only legitimate customers can get accounts. I would now want to grant them access to the documentation of the products they own. These are provided in the Token as a string Array.

Answer 1

The best way I can think of to do this is to create a lightweight Azure App Service that can handle the authorization piece and control role-based access by directory for the static files. As stated by Hari Krishna, you're going to need some form of Javascript platform for retrieving an access token using the Auth code w/ PKCE flow. Once you have an access token, App Service can control access to your directory based on the user's role present on the token.

Answer 2

For your scenario the most supported scenario will be Auth code PKCE flow. Which is helps you to authenticate with the help of any JavaScript platform and no backend programming is required. Also, Make sure each page is authenticated since , this flow is designed for single page application.