
Get the Azure AD B2C scope in the custom policy

I am trying to create a custom policy and I want to get some claims and send them to my REST API. My API is called with email, givenName, etc... but the claims passed by query string, like client_id, resource_id and, most of all, scope, are empty.

I found a workaround to get the client_id here: Get the Azure AD B2C Application client id in the custom policy

But I found nothing about the scope.

Here is my claims provider for the REST API:

<ClaimsProvider>
    <DisplayName>REST API</DisplayName>
    <TechnicalProfiles>
        <TechnicalProfile Id="AzureFunction-SendClaims">
            <DisplayName>Send Claims</DisplayName>
            <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
            <Metadata>
                <Item Key="ServiceUrl">https://XXXX.azurewebsites.net/api/XXXX</Item>
                <Item Key="AuthenticationType">None</Item>
                <Item Key="SendClaimsIn">Body</Item>
            </Metadata>
            <InputClaims>
                <InputClaim ClaimTypeReferenceId="givenName"/>
                <InputClaim ClaimTypeReferenceId="client_id" PartnerClaimType="clientId" DefaultValue="{OIDC:ClientId}"/>
                <InputClaim ClaimTypeReferenceId="resource_id"/>
                <InputClaim ClaimTypeReferenceId="email"/>
                <InputClaim ClaimTypeReferenceId="otherMails"/>
                <InputClaim ClaimTypeReferenceId="grant_type"/>
                <InputClaim ClaimTypeReferenceId="scope"/>
            </InputClaims>
        </TechnicalProfile>
    </TechnicalProfiles>
</ClaimsProvider>

I don't think there is a way to get the scopes. You can see a list of claims and properties that are available to access from within the B2C policy here.

The scope can be retrieved by using the OpenID Connect claims resolver:

<InputClaim ClaimTypeReferenceId="Scope" DefaultValue="{OIDC:Scope}"/>

Please see the documentation for the OpenID Connect-specific claims.
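What the REST API actually receives once `{OIDC:Scope}` is wired in, and how it should treat that value, is not shown on the page, so here is an added example (not code from the thread or from Microsoft). It assumes a RestfulProvider profile with SendClaimsIn set to Body, as in the question, and that the "scope" input claim is populated from `{OIDC:Scope}`, which resolves to the raw, space-separated scope parameter of the /authorize request. The request body, the scope allow-list, the `grantedApiScopes` output claim and all identifiers below are constructed for illustration. Because the scope string originates in the browser's authorize request, the handler treats it as untrusted input and answers invalid requests with the version/status/userMessage JSON that B2C expects from a REST API validation failure.

```python
import json

# Constructed sample: the JSON body B2C's RestfulProvider posts when
# SendClaimsIn is "Body". Keys are the InputClaim names (PartnerClaimType
# when one is set). All values are made up for this example.
SAMPLE_BODY = json.dumps({
    "givenName": "Ada",
    "clientId": "11111111-2222-3333-4444-555555555555",
    "email": "ada@example.com",
    # This is the {OIDC:Scope} value: the scope parameter exactly as sent.
    "scope": "openid profile offline_access "
             "https://yourtenant.onmicrosoft.com/demoapi/demo.read",
}).encode()

# Hypothetical allow-list: the API scopes this endpoint is willing to act on.
KNOWN_API_SCOPES = {
    "https://yourtenant.onmicrosoft.com/demoapi/demo.read",
    "https://yourtenant.onmicrosoft.com/demoapi/demo.write",
}
# OIDC-level scopes that are expected but carry no API permission.
OIDC_SCOPES = {"openid", "profile", "offline_access", "email"}


def parse_scope(scope: str) -> list[str]:
    """Split an OAuth 2.0 scope parameter (RFC 6749 section 3.3: space-delimited)
    into its tokens, dropping empty entries produced by repeated spaces."""
    return [s for s in scope.split(" ") if s]


def b2c_error(message: str, status: int = 409) -> tuple[int, dict]:
    """Failure response in the shape B2C's RestfulProvider understands:
    a 4xx status with version/status/userMessage; B2C shows userMessage
    to the end user and stops the journey."""
    return status, {"version": "1.0.0", "status": status, "userMessage": message}


def handle_send_claims(body: bytes) -> tuple[int, dict]:
    """Handle one RestfulProvider call. Returns (http_status, json_response)."""
    try:
        claims = json.loads(body)
    except ValueError:
        return b2c_error("Malformed request body", 400)
    if not isinstance(claims, dict):
        return b2c_error("Malformed request body", 400)

    # The scope string came from the caller's /authorize request, so it is
    # attacker-controlled: validate it against the allow-list, never trust it
    # as a statement of what the user has been granted.
    requested = parse_scope(claims.get("scope", ""))
    api_scopes = [s for s in requested if s in KNOWN_API_SCOPES]
    unknown = [s for s in requested
               if s not in KNOWN_API_SCOPES and s not in OIDC_SCOPES]
    if unknown:
        return b2c_error("Unknown scope(s) requested: " + ", ".join(unknown))
    if not api_scopes:
        return b2c_error("No API scope was requested")

    # Success: B2C maps keys of the returned JSON to OutputClaims of the
    # technical profile (the claim type must exist in the policy's
    # ClaimsSchema). "grantedApiScopes" is a hypothetical output claim.
    return 200, {"grantedApiScopes": " ".join(api_scopes)}


if __name__ == "__main__":
    print(handle_send_claims(SAMPLE_BODY))
    print(handle_send_claims(b'{"scope": "openid https://evil.example/x"}'))
```

The 409 path is the one to test first: if the REST API answers with a plain 500 or an unexpected body, B2C surfaces a generic error rather than the userMessage, which makes scope problems hard to diagnose.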

In your custom policy, feel free, and it is safe, to send the variables in a plain way. The context of passing a scope is when you're calling a REST API from a user session, so you must request a custom policy token.

You can do it in two ways: by using the MSAL library (I prefer this): https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-acquire-token?tabs=aspnetcore

Or, by calling the custom policy directly and passing it in the query string, in the scope section, i.e.

scope=openid profile offline_access https://yourtenant.onmicrosoft.com/demoapi/demo.read https://kytos.onmicrosoft.com/demoapi/demo.write

Don't forget the HTML encoding: scope=openid%20profile%20offline_access%20https%3A%2F....
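The encoding the answer above refers to is percent-encoding of the query string (URL encoding), and the detail that bites in practice is that scopes are joined with a single space, which most URL builders turn into either `%20` or `+`. As an added example (not code from the thread), the block below builds the /authorize request for a custom policy and then decodes it again the way the authorization server will, so you can see exactly what the scope parameter, and therefore `{OIDC:Scope}`, contains. The tenant name, policy id, client id, redirect URI, state and nonce are placeholders; the endpoint path form `https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize` is the documented one.

```python
from urllib.parse import urlencode, quote, urlsplit, parse_qs

# Hypothetical values; replace with your own tenant, policy and app.
TENANT = "yourtenant"
POLICY = "B2C_1A_signup_signin"   # custom policy id
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
REDIRECT_URI = "https://localhost:5000/signin-oidc"

# OIDC scopes plus the two API scopes from the answer's example.
SCOPES = [
    "openid",
    "profile",
    "offline_access",
    "https://yourtenant.onmicrosoft.com/demoapi/demo.read",
    "https://yourtenant.onmicrosoft.com/demoapi/demo.write",
]


def build_authorize_url(tenant, policy, client_id, redirect_uri, scopes, state, nonce):
    """Build the /authorize request for a B2C custom policy.

    The scope list is joined with single spaces (RFC 6749 section 3.3) and the
    whole query is percent-encoded with quote(), so spaces become %20 and the
    scheme/slashes of the API scopes become %3A%2F%2F. urlencode's default
    quote_plus would emit '+' for spaces instead; B2C accepts both, but the
    %20 form is the one shown in the answer and is unambiguous in paths too.
    """
    if any((" " in s) or not s for s in scopes):
        raise ValueError("scope values must be non-empty and contain no spaces")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,   # CSRF binding: generate per request, verify on return
        "nonce": nonce,   # replay binding for the id_token
    }
    base = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/authorize")
    return base + "?" + urlencode(params, quote_via=quote)


def scopes_from_url(url):
    """Recover the scope list the way the authorization server sees it:
    percent-decode the query, then split the single scope value on spaces.
    This decoded string is what {OIDC:Scope} resolves to inside the policy."""
    query = parse_qs(urlsplit(url).query)
    return query["scope"][0].split(" ")


if __name__ == "__main__":
    url = build_authorize_url(TENANT, POLICY, CLIENT_ID, REDIRECT_URI,
                              SCOPES, state="s0", nonce="n0")
    print(url)
    print(scopes_from_url(url))
```

If you hand-build the URL in a browser or a test script, the same rule applies in reverse: a scope that contains `%3A%2F%2F` inside the policy's REST call means it was double-encoded on the way in and will not match the API's expected scope names.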

Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please cite this site's URL or the original address. For any questions contact yoyou2525@163.com.

© 2020-2024 STACKOOM.COM