ADB2C身份体验框架:在身份验证后立即使用访问令牌
[英]ADB2C identity experience framework : access token use just after an authentification
问题描述
we are using lots of ADB2C built-in policies and wanna now switch on custom policies thanks to the Identity Experience Framework. 
我们正在使用许多ADB2C内置策略,现在想借助Identity Experience Framework启用自定义策略。
One of our use-cases is: make some calls (from the policy) on endpoints (that are protected by access token) just after an authentication (signup or signin). 我们的用例之一是:在身份验证(注册或登录)后,在端点(受访问令牌保护)上对端点进行一些调用(来自策略)。 For example : just after the signup we would like to call an api for the privacy policy management. 例如:注册后,我们想调用一个用于隐私策略管理的api。 In order to have it working, we need to have the access token. 为了使其正常工作,我们需要具有访问令牌。
Is there a way, thanks to custom policies, to call an http endpoint with the access token just issued right after the authentication ? 借助自定义策略,是否有一种方法可以在身份验证后立即发布带有访问令牌的http端点?
1 个解决方案
解决方案1
1 已采纳 2019-05-12 22:52:42
When an access token or id token is generated by Identity Experience Framework (IEF), it signifies that all requirements of the user journey were met. 当Identity Experience Framework(IEF)生成访问令牌或ID令牌时,表示满足用户旅程的所有要求。 That is, if the user journey required some privacy policy management and user needed to consent to it, only then would the access token or id token be generated. 也就是说,如果用户旅程需要某种隐私策略管理并且用户需要同意,则只有生成访问令牌或ID令牌。
The scenario that you are mentioning could be achieved by IEF calling the privacy policy management API using service-to-service trust and passing user's identity by other means, such as objectId in header or in the body. 您提到的场景可以通过IEF使用服务到服务信任来调用隐私策略管理API并通过其他方式(例如标头或正文中的objectId)传递用户身份来实现。
Because IEF is directly calling the Rest API, it is unclear how IEF generating a token and sending that to the Rest API is more beneficial than IEF making a request over SSL and providing user's data. 由于IEF直接调用Rest API,因此不清楚IEF生成令牌并将其发送到Rest API的方式比IEF通过SSL进行请求并提供用户数据更有利。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.