Azure B2C 无密码注册仅使用自定义策略中的电子邮件
[英]Azure B2C passwordless sign up with only email in custom Policy
问题描述
My system needs to use passwordless with email authentication in both sign up & sign in.
我的系统需要在注册和登录时使用无密码和电子邮件身份验证。
That mean user just needs to enter an email, then the system will send the one time passcode into that emai & let user sign in (if there is no account yet, just create a new one with that email silently with default information)这意味着用户只需要输入一封电子邮件,然后系统会将一次性密码发送到该电子邮件并让用户登录(如果还没有帐户,只需使用该电子邮件以默认信息静默创建一个新帐户)
I tried this sample & it works for exist local users (with email & password)我尝试了这个示例,它适用于现有的本地用户(使用电子邮件和密码)
Is there anyway to create local user with only email?有没有办法只用电子邮件创建本地用户? My users just see the input email screen & the input passcode screen.我的用户只看到输入电子邮件屏幕和输入密码屏幕。 They don't need to fill anything else.他们不需要填充任何其他东西。
2 个解决方案
解决方案1
2 2019-08-21 01:45:44
When a local user account is created, the password property must be set, which is why that sample flow prompts the new user for this.创建本地用户帐户时,必须设置密码属性,这就是示例流程提示新用户执行此操作的原因。
If you don't want to prompt for this, then the password property can be set to a random value, as follows.如果不想提示这个,那么可以将password属性设置为一个随机值,如下。
- Remove the newPassword and reenterPassword claims as output claims from the LocalAccountSignUpWithLogonEmail technical profile:从LocalAccountSignUpWithLogonEmail技术配置文件中删除newPassword和reenterPassword声明作为输出声明:
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
...
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
<OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
<OutputClaim ClaimTypeReferenceId="newUser" />
<!-- Optional claims, to be collected from the user -->
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surName" />
</OutputClaims>
...
</TechnicalProfile>
- For the AAD-UserWriteUsingLogonEmail technical profile, add an input claims transformation to that generates the new password and set the accountEnabled property to false so that the new user can't sign in with the generated password:对于AAD-UserWriteUsingLogonEmail技术配置文件,添加一个输入声明转换以生成新密码并将accountEnabled属性设置为false以便新用户无法使用生成的密码登录:
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
...
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="GenerateNewPassword" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
</InputClaims>
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="accountEnabled" DefaultValue="false" AlwaysUseDefaultValue="true" />
<PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
<PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration,DisableStrongPassword" />
...
</PersistedClaims>
</TechnicalProfile>
- Declare the accountEnabled claim as follows:声明accountEnabled声明如下:
<ClaimType Id="accountEnabled">
<DisplayName>Account Enabled</DisplayName>
<DataType>boolean</DataType>
</ClaimType>
- Declare the GenerateNewPassword claims transformation of type CreateRandomString as follows:如下声明CreateRandomString类型的GenerateNewPassword声明转换:
<ClaimsTransformation Id="GenerateNewPassword" TransformationMethod="CreateRandomString">
<InputParameters>
<InputParameter Id="randomGeneratorType" DataType="string" Value="GUID" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="newPassword" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
解决方案2
0 2020-11-09 17:03:08
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.