Azure AD B2C Graph API following login?

We are using Azure AD B2C on a customer facing website. Users can complete a sign-up policy to register an account, and this is working successfully, with the isNew claim coming back when the user first completes the policy.

We want to add the user to a specific group on first login, based on some business logic. As I envision it, we will just add a handler for the SecurityTokenValidated notification, look at the isNew claim, and then update the new user as needed.

This appears to require use of the Graph API, but I'm unclear on how to finish setting up the AD B2C tenant and configure the Graph API to work server side in this case. How should I approach this case where the site needs to interact with the Graph API while the user is logged in?

Thanks for any pointers/examples.

How should I approach this case where the site needs to interact with the Graph API while the user is logged in?

As far as I know, the Azure AD B2C tenant only supports the client credential flow to acquire the token for the Azure AD Graph.

At present, the OAuth 2.0 authorization code flow for Azure AD B2C only supports acquiring the token for your app's own backend web API (refer here).

So in your scenario, you are not able to get the access token when the web app starts up. You can get the app-only token when you need it. And as Shawn Tabrizi mentioned, if you were using the Active Directory Authentication Library, it will manage the lifetime of the token using a token cache by default.

For more detail about the Client Credential flow, you can refer to this document; though it works for the Microsoft Graph, it is easy to change the resource to Azure AD Graph.
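
The flow described in the answer above, as an added example that is not part of the original answer: an app-only token for Azure AD Graph is acquired through ADAL with the client credential flow and used server side to add a user to a group. The class name `GraphGroupAssigner`, the tenant, client id, secret and group id are assumptions, as is an app registration that already holds permission to write directory data.

```csharp
// Added example; every tenant, id and secret passed in is a placeholder the caller supplies.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL NuGet package

public sealed class GraphGroupAssigner // hypothetical helper name
{
    private const string GraphResource = "https://graph.windows.net";
    private static readonly HttpClient Http = new HttpClient();

    private readonly string _tenant;          // e.g. "contoso.onmicrosoft.com" (placeholder)
    private readonly ClientCredential _cred;  // app id + secret; keep these server side only
    private readonly AuthenticationContext _authContext;

    public GraphGroupAssigner(string tenant, string clientId, string clientSecret)
    {
        _tenant = tenant;
        _cred = new ClientCredential(clientId, clientSecret);
        // One shared context so ADAL's default token cache can reuse the app-only token.
        _authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenant);
    }

    // Adds the directory object userObjectId to the group groupObjectId.
    public async Task AddUserToGroupAsync(string userObjectId, string groupObjectId)
    {
        // Reject anything that is not a GUID before it is placed in a URL or JSON body.
        if (!Guid.TryParse(userObjectId, out _) || !Guid.TryParse(groupObjectId, out _))
            throw new ArgumentException("Object ids must be GUIDs.");

        // Client credential flow: app-only token, no signed-in user involved.
        AuthenticationResult token = await _authContext.AcquireTokenAsync(GraphResource, _cred);

        string url = $"{GraphResource}/{_tenant}/groups/{groupObjectId}/$links/members?api-version=1.6";
        string body = $"{{\"url\":\"{GraphResource}/{_tenant}/directoryObjects/{userObjectId}\"}}";

        using (var request = new HttpRequestMessage(HttpMethod.Post, url))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
            request.Content = new StringContent(body, Encoding.UTF8, "application/json");
            using (HttpResponseMessage response = await Http.SendAsync(request))
                response.EnsureSuccessStatusCode(); // Azure AD Graph returns 204 No Content on success
        }
    }
}
```

Call `AddUserToGroupAsync` from the SecurityTokenValidated handler only when the validated token carries the isNew claim the question describes, passing the user's object id taken from that validated token rather than from request input.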
