# Install Azure CLI and Microsoft Graph PowerShell az login Install-Module Microsoft.Graph -Scope CurrentUser   # Analyze your B2C tenant az ad b2c tenant show --tenant-id <your-b2c-tenant-id>   # Get user statistics az rest --method GET \  --uri "https://graph.microsoft.com/v1.0/users/\$count" \  --headers "ConsistencyLevel=eventual"   # Analyze user attributes and custom policies az rest --method GET \  --uri "https://graph.microsoft.com/beta/identity/b2cUserFlows"

# PowerShell script for bulk user export Connect-MgGraph -Scopes "User.Read.All"   # Export all users with custom attributes $users = Get-MgUser -All -Property "id,displayName,givenName,surname,mail,userPrincipalName,identities,createdDateTime,lastSignInDateTime" -ExpandProperty "extensions"   # Convert to MojoAuth compatible format $mojoAuthUsers = @() foreach ($user in $users) {  $mojoUser = @{  external_id = $user.id  email = $user.mail  given_name = $user.givenName  family_name = $user.surname  display_name = $user.displayName  created_at = $user.createdDateTime  last_login = $user.lastSignInDateTime  email_verified = $true # Azure B2C users are pre-verified    # Handle social identities  identities = @()  app_metadata = @{}  user_metadata = @{}  }    # Process social identities  foreach ($identity in $user.identities) {  if ($identity.signInType -eq "federated") {  $mojoUser.identities += @{  provider = $identity.issuer  user_id = $identity.issuerAssignedId  }  }  }    # Extract custom attributes (B2C extension properties)  $extensions = $user.AdditionalProperties | Where-Object { $_.Key -like "extension_*" }  foreach ($ext in $extensions) {  $attributeName = $ext.Key -replace "extension_[a-f0-9]{32}_", ""  $mojoUser.user_metadata[$attributeName] = $ext.Value  }    $mojoAuthUsers += $mojoUser }   # Export to JSON $mojoAuthUsers | ConvertTo-Json -Depth 10 | Out-File -FilePath "azure_b2c_users_export.json"

# Alternative: Use Azure B2C's built-in export functionality curl -X POST "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.AzureActiveDirectory/b2cDirectories/{tenant-name}.onmicrosoft.com/jobs" \  -H "Authorization: Bearer {access-token}" \  -H "Content-Type: application/json" \  -d '{  "jobType": "ExportUsers",  "outputFormat": "JSON",  "includeCustomAttributes": true  }'

// Node.js transformation script const fs = require('fs');   async function transformAzureB2CUsers(inputFile) {  const azureUsers = JSON.parse(fs.readFileSync(inputFile, 'utf8'));    const transformedUsers = azureUsers.map(user => {  // Base user object for MojoAuth  const mojoAuthUser = {  // Core identity fields  external_id: user.id,  email: user.mail || extractEmailFromIdentities(user.identities),  given_name: user.givenName,  family_name: user.surname,  name: user.displayName,    // Authentication metadata  email_verified: true, // B2C users are pre-verified  phone_verified: false, // Check if phone verification was used    // Timestamps  created_at: user.createdDateTime,  updated_at: new Date().toISOString(),    // Social connections  identities: transformSocialIdentities(user.identities),    // Custom data  app_metadata: {  migration_source: 'azure_b2c',  migration_date: new Date().toISOString(),  azure_b2c_id: user.id,  original_tenant: user.userPrincipalName?.split('@')[1]  },    user_metadata: transformCustomAttributes(user)  };    // Handle phone number if present  if (user.mobilePhone || user.businessPhones?.length > 0) {  mojoAuthUser.phone_number = user.mobilePhone || user.businessPhones[0];  }    return mojoAuthUser;  });    return transformedUsers; }   function extractEmailFromIdentities(identities) {  // Extract email from various identity types  const emailIdentity = identities?.find(id =>   id.signInType === 'emailAddress' ||   id.signInType === 'userName'  );  return emailIdentity?.issuerAssignedId; }   function transformSocialIdentities(identities) {  return identities  ?.filter(id => id.signInType === 'federated')  ?.map(id => ({  provider: mapAzureProviderToMojoAuth(id.issuer),  user_id: id.issuerAssignedId,  connected_at: new Date().toISOString()  })) || []; }   function mapAzureProviderToMojoAuth(azureProvider) {  const providerMap = {  'facebook.com': 'facebook',  'accounts.google.com': 'google',  'login.microsoftonline.com': 'microsoft',  'github.com': 'github',  'linkedin.com': 'linkedin',  'twitter.com': 'twitter'  };    return providerMap[azureProvider] || azureProvider; }   function transformCustomAttributes(user) {  const customAttributes = {};    // Extract B2C extension properties  Object.keys(user).forEach(key => {  if (key.startsWith('extension_')) {  // Remove the extension prefix and app ID  const cleanKey = key.replace(/extension_[a-f0-9]{32}_/, '');  customAttributes[cleanKey] = user[key];  }  });    return customAttributes; }   // Execute transformation transformAzureB2CUsers('azure_b2c_users_export.json')  .then(users => {  fs.writeFileSync(  'mojoauth_import_ready.json',   JSON.stringify(users, null, 2)  );  console.log(`Transformed ${users.length} users for MojoAuth import`);  })  .catch(console.error);

// Validation script function validateMojoAuthImport(users) {  const validationResults = {  total_users: users.length,  valid_users: 0,  errors: [],  warnings: []  };    users.forEach((user, index) => {  let isValid = true;    // Required field validation  if (!user.email) {  validationResults.errors.push({  user_index: index,  field: 'email',  message: 'Email is required'  });  isValid = false;  }    // Email format validation  if (user.email && !isValidEmail(user.email)) {  validationResults.errors.push({  user_index: index,  field: 'email',  message: 'Invalid email format'  });  isValid = false;  }    // Check for duplicate emails  const duplicateIndex = users.findIndex((u, i) =>   i !== index && u.email === user.email  );  if (duplicateIndex !== -1) {  validationResults.warnings.push({  user_index: index,  message: `Duplicate email found at index ${duplicateIndex}`  });  }    // Validate social identities  if (user.identities) {  user.identities.forEach((identity, idIndex) => {  if (!identity.provider || !identity.user_id) {  validationResults.errors.push({  user_index: index,  field: `identities[${idIndex}]`,  message: 'Social identity missing provider or user_id'  });  isValid = false;  }  });  }    if (isValid) {  validationResults.valid_users++;  }  });    return validationResults; }   function isValidEmail(email) {  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;  return emailRegex.test(email); }

// MojoAuth bulk import const axios = require('axios');   class MojoAuthBulkImporter {  constructor(apiKey, baseUrl = 'https://api.mojoauth.com') {  this.apiKey = apiKey;  this.baseUrl = baseUrl;  this.batchSize = 1000; // Process in batches for large datasets  }    async importUsers(users) {  console.log(`Starting import of ${users.length} users...`);    const batches = this.createBatches(users, this.batchSize);  const results = [];    for (let i = 0; i < batches.length; i++) {  const batch = batches[i];  console.log(`Processing batch ${i + 1}/${batches.length} (${batch.length} users)`);    try {  const batchResult = await this.importBatch(batch);  results.push(batchResult);    // Add delay between batches to respect rate limits  await this.sleep(1000);  } catch (error) {  console.error(`Batch ${i + 1} failed:`, error.message);  results.push({  batch: i + 1,  success: false,  error: error.message,  users_attempted: batch.length  });  }  }    return this.summarizeResults(results);  }    async importBatch(users) {  const response = await axios.post(  `${this.baseUrl}/api/v2/users/bulk-import`,  {  users,  upsert: true, // Update existing users  send_verification_email: false // Don't send emails during migration  },  {  headers: {  'Authorization': `Bearer ${this.apiKey}`,  'Content-Type': 'application/json'  },  timeout: 60000 // 60 second timeout for large batches  }  );    return {  success: true,  imported_count: response.data.imported_count,  updated_count: response.data.updated_count,  failed_count: response.data.failed_count,  errors: response.data.errors || []  };  }    createBatches(array, batchSize) {  const batches = [];  for (let i = 0; i < array.length; i += batchSize) {  batches.push(array.slice(i, i + batchSize));  }  return batches;  }    sleep(ms) {  return new Promise(resolve => setTimeout(resolve, ms));  }    summarizeResults(results) {  const summary = {  total_batches: results.length,  successful_batches: results.filter(r => r.success).length,  total_imported: results.reduce((sum, r) => sum + (r.imported_count || 0), 0),  total_updated: results.reduce((sum, r) => sum + (r.updated_count || 0), 0),  total_failed: results.reduce((sum, r) => sum + (r.failed_count || 0), 0),  errors: results.flatMap(r => r.errors || [])  };    console.log('Migration Summary:', summary);  return summary;  } }   // Execute import async function runBulkImport() {  const users = JSON.parse(fs.readFileSync('mojoauth_import_ready.json', 'utf8'));  const importer = new MojoAuthBulkImporter(process.env.MOJOAUTH_API_KEY);    const results = await importer.importUsers(users);    // Save results for audit trail  fs.writeFileSync(  'migration_results.json',  JSON.stringify(results, null, 2)  );    console.log('Bulk import completed!'); }   runBulkImport().catch(console.error);

<!-- B2C_1A_JIT_MojoAuth_Migration.xml --> <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:xsd="http://www.w3.org/2001/XMLSchema"  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"  PolicySchemaVersion="0.3.0.0"  TenantId="yourtenant.onmicrosoft.com"  PolicyId="B2C_1A_JIT_MojoAuth_Migration"  PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_JIT_MojoAuth_Migration">    <BasePolicy>  <TenantId>yourtenant.onmicrosoft.com</TenantId>  <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>  </BasePolicy>    <ClaimsProviders>  <ClaimsProvider>  <DisplayName>MojoAuth Migration Service</DisplayName>  <TechnicalProfiles>  <TechnicalProfile Id="MojoAuth-Migration-API">  <DisplayName>MojoAuth User Migration</DisplayName>  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />  <Metadata>  <Item Key="ServiceUrl">https://your-migration-service.com/api/migrate-user</Item>  <Item Key="SendClaimsIn">Body</Item>  <Item Key="AuthenticationType">Bearer</Item>  <Item Key="UseClaimAsBearerToken">migrationToken</Item>  </Metadata>  <InputClaims>  <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="azure_b2c_id" />  <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />  <InputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />  <InputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />  <InputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />  </InputClaims>  <OutputClaims>  <OutputClaim ClaimTypeReferenceId="mojoAuthUserId" PartnerClaimType="user_id" />  <OutputClaim ClaimTypeReferenceId="migrationStatus" PartnerClaimType="status" />  </OutputClaims>  </TechnicalProfile>  </TechnicalProfiles>  </ClaimsProvider>  </ClaimsProviders>    <UserJourneys>  <UserJourney Id="SignUpOrSignInWithMigration">  <OrchestrationSteps>  <!-- Standard B2C authentication -->  <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">  <ClaimsProviderSelections>  <ClaimsProviderSelection TargetClaimsExchangeId="LocalAccountSigninEmailExchange" />  </ClaimsProviderSelections>  </OrchestrationStep>    <!-- Migration step - call MojoAuth after successful authentication -->  <OrchestrationStep Order="2" Type="ClaimsExchange">  <Preconditions>  <Precondition Type="ClaimsExist" ExecuteActionsIf="false">  <Value>objectId</Value>  <Action>SkipThisOrchestrationStep</Action>  </Precondition>  </Preconditions>  <ClaimsExchanges>  <ClaimsExchange Id="MigrateToMojoAuth" TechnicalProfileReferenceId="MojoAuth-Migration-API" />  </ClaimsExchanges>  </OrchestrationStep>    <!-- Issue token -->  <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />  </OrchestrationSteps>  </UserJourney>  </UserJourneys> </TrustFrameworkPolicy>

// Express.js migration service const express = require('express'); const axios = require('axios'); const app = express();   app.use(express.json());   // JIT Migration endpoint called by Azure B2C custom policy app.post('/api/migrate-user', async (req, res) => {  try {  const {  azure_b2c_id,  email,  given_name,  family_name,  name  } = req.body;    // Check if user already exists in MojoAuth  const existingUser = await checkMojoAuthUser(email);    if (existingUser) {  return res.json({  user_id: existingUser.id,  status: 'existing',  message: 'User already migrated'  });  }    // Create new user in MojoAuth  const mojoAuthUser = await createMojoAuthUser({  email,  given_name,  family_name,  name: name || `${given_name} ${family_name}`,  email_verified: true,  app_metadata: {  migration_source: 'azure_b2c_jit',  migration_date: new Date().toISOString(),  azure_b2c_id  }  });    // Log successful migration  console.log(`JIT Migration successful: ${email} -> ${mojoAuthUser.id}`);    res.json({  user_id: mojoAuthUser.id,  status: 'migrated',  message: 'User successfully migrated to MojoAuth'  });    } catch (error) {  console.error('JIT Migration failed:', error);  res.status(500).json({  status: 'error',  message: 'Migration failed',  error: error.message  });  } });   async function checkMojoAuthUser(email) {  try {  const response = await axios.get(  `${process.env.MOJOAUTH_API_URL}/api/v2/users`,  {  params: { q: `email:"${email}"` },  headers: {  'Authorization': `Bearer ${process.env.MOJOAUTH_API_KEY}`  }  }  );    return response.data.users?.[0];  } catch (error) {  if (error.response?.status === 404) {  return null; // User doesn't exist  }  throw error;  } }   async function createMojoAuthUser(userData) {  const response = await axios.post(  `${process.env.MOJOAUTH_API_URL}/api/v2/users`,  userData,  {  headers: {  'Authorization': `Bearer ${process.env.MOJOAUTH_API_KEY}`,  'Content-Type': 'application/json'  }  }  );    return response.data; }   app.listen(3000, () => {  console.log('Migration service running on port 3000'); });

// Azure B2C MSAL configuration import { PublicClientApplication } from '@azure/msal-browser';   const msalConfig = {  auth: {  clientId: 'your-b2c-app-id',  authority: 'https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1_SignUpOrSignIn',  redirectUri: 'http://localhost:3000'  } };   const msalInstance = new PublicClientApplication(msalConfig);

// MojoAuth configuration import MojoAuth from 'mojoauth-web-sdk';   const mojoauth = new MojoAuth({  apiKey: 'your-mojoauth-api-key',  source: [{ type: 'email', feature: 'magiclink' }],  redirectUrl: 'http://localhost:3000/callback' });   // Initialize passwordless authentication mojoauth.signIn().then(response => {  console.log('Authentication successful:', response); }).catch(error => {  console.error('Authentication failed:', error); });

// Token validation middleware update const jwt = require('jsonwebtoken'); const jwksClient = require('jwks-rsa');   // Before: Azure B2C token validation const azureB2CClient = jwksClient({  jwksUri: 'https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1_SignUpOrSignIn/discovery/v2.0/keys' });   // After: MojoAuth token validation const mojoAuthClient = jwksClient({  jwksUri: 'https://api.mojoauth.com/.well-known/jwks.json' });   function validateMojoAuthToken(token) {  return new Promise((resolve, reject) => {  jwt.verify(token, getKey, {  audience: process.env.MOJOAUTH_CLIENT_ID,  issuer: 'https://api.mojoauth.com',  algorithms: ['RS256']  }, (err, decoded) => {  if (err) reject(err);  else resolve(decoded);  });  }); }   function getKey(header, callback) {  mojoAuthClient.getSigningKey(header.kid, (err, key) => {  const signingKey = key.publicKey || key.rsaPublicKey;  callback(null, signingKey);  }); }

// Validation script to compare Azure B2C and MojoAuth data async function validateMigration() {  console.log('Starting post-migration validation...');    const azureUsers = await getAzureB2CUsers();  const mojoAuthUsers = await getMojoAuthUsers();    const validation = {  total_azure_users: azureUsers.length,  total_mojoauth_users: mojoAuthUsers.length,  matched_users: 0,  missing_users: [],  data_mismatches: []  };    for (const azureUser of azureUsers) {  const mojoUser = mojoAuthUsers.find(u =>   u.app_metadata?.azure_b2c_id === azureUser.id ||  u.email === azureUser.mail  );    if (!mojoUser) {  validation.missing_users.push({  azure_id: azureUser.id,  email: azureUser.mail  });  } else {  validation.matched_users++;    // Validate data consistency  const mismatches = validateUserData(azureUser, mojoUser);  if (mismatches.length > 0) {  validation.data_mismatches.push({  azure_id: azureUser.id,  mojoauth_id: mojoUser.id,  email: azureUser.mail,  mismatches  });  }  }  }    // Generate validation report  const report = {  timestamp: new Date().toISOString(),  validation_results: validation,  success_rate: (validation.matched_users / validation.total_azure_users) * 100  };    console.log('Validation Report:', report);    // Save validation report  require('fs').writeFileSync(  'migration_validation_report.json',  JSON.stringify(report, null, 2)  );    return report; }   function validateUserData(azureUser, mojoUser) {  const mismatches = [];    // Check email  if (azureUser.mail !== mojoUser.email) {  mismatches.push({  field: 'email',  azure_value: azureUser.mail,  mojoauth_value: mojoUser.email  });  }    // Check name fields  if (azureUser.givenName !== mojoUser.given_name) {  mismatches.push({  field: 'given_name',  azure_value: azureUser.givenName,  mojoauth_value: mojoUser.given_name  });  }    if (azureUser.surname !== mojoUser.family_name) {  mismatches.push({  field: 'family_name',  azure_value: azureUser.surname,  mojoauth_value: mojoUser.family_name  });  }    return mismatches; }

// Load testing for authentication endpoints const axios = require('axios');   async function performLoadTest() {  const testUsers = [  { email: '[email protected]' },  { email: '[email protected]' },  // Add more test users  ];    const results = {  total_requests: 0,  successful_requests: 0,  failed_requests: 0,  average_response_time: 0,  errors: []  };    const startTime = Date.now();    // Concurrent authentication requests  const promises = testUsers.map(async (user) => {  const requestStart = Date.now();    try {  await mojoauth.signIn({   email: user.email,  redirect_url: 'http://localhost:3000/test'  });    results.successful_requests++;  return Date.now() - requestStart;  } catch (error) {  results.failed_requests++;  results.errors.push({  user: user.email,  error: error.message  });  return null;  }  });    const responseTimes = await Promise.all(promises);  const validTimes = responseTimes.filter(time => time !== null);    results.total_requests = testUsers.length;  results.average_response_time = validTimes.reduce((sum, time) => sum + time, 0) / validTimes.length;  results.total_duration = Date.now() - startTime;    console.log('Load Test Results:', results);  return results; }

// Rollback service class MigrationRollback {  constructor() {  this.rollbackLog = [];  }    async initiateRollback(rollbackReason) {  console.log(`Initiating rollback due to: ${rollbackReason}`);    // 1. Switch DNS/load balancer back to Azure B2C  await this.switchTrafficToAzureB2C();    // 2. Pause MojoAuth user creation  await this.pauseMojoAuthMigration();    // 3. Notify stakeholders  await this.notifyStakeholders(rollbackReason);    // 4. Generate rollback report  const report = await this.generateRollbackReport();    console.log('Rollback completed:', report);  return report;  }    async switchTrafficToAzureB2C() {  // Update application configuration  const config = {  auth_provider: 'azure_b2c',  azure_b2c_tenant: process.env.AZURE_B2C_TENANT,  azure_b2c_policy: process.env.AZURE_B2C_POLICY,  mojoauth_enabled: false  };    // Deploy configuration update  await this.updateApplicationConfig(config);    this.rollbackLog.push({  timestamp: new Date().toISOString(),  action: 'traffic_switched_to_azure_b2c',  status: 'completed'  });  }    async pauseMojoAuthMigration() {  // Disable JIT migration endpoint  await this.disableJITMigration();    // Stop any ongoing bulk imports  await this.stopBulkImports();    this.rollbackLog.push({  timestamp: new Date().toISOString(),  action: 'mojoauth_migration_paused',  status: 'completed'  });  } }