I have what seems on the face of it a simple requirement when using Azure AD B2C. I have two applications (App A and App B) registered in Azure AD B2C. I want to restrict access so that User 1 can access both App A and App B, but User 2 should only be able to access App A.
I can register appRoleAssignments and assign them to a user via the Azure AD Graph API with a zero id as per this question When a user logs in, I can then query these and restrict access myself, but it feels like I'm reinventing the wheel and this should be provided by B2C.
Is this something Azure AD B2C is able to provide out of the box?