Include Azure AD B2C aud claim in call to custom claim REST API
TL;DR: {OIDC:ClientId} is always the calling Application. I also need to know the "audience" application. Is there a claim resolver for this?
In more detail:
Here's the problem:
I have considered using the {OIDC:scopes} claim resolver to solve this issue. That might work, but it seems a little like a hack. Are there any better options?
Per this document, it appears that {OIDC:scopes} is the only available option for this. And with some further thought, that makes sense, since some scopes might be requested that are outside the current tenant (Microsoft Graph API, for instance). In that case, it would not be possible to supply a clientId for the target application.
{OIDC:scopes} is a single string with all of the requested scopes separated by spaces. To detect when an access token is being generated for a different application than the current one, a simple string search on the scopes field is sufficient. If the App ID URI of an application is present in the scopes string, an access token is being requested for that application.
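The scope-inspection approach from the answer above, as an added example for the custom-claims REST API side (this is not code from the thread; the App ID URIs and scope strings are constructed sample values). It matches each scope on the App ID URI boundary rather than as a raw substring, so a URI that is a prefix of another registered URI is not misattributed.

```python
"""Resolve the intended audience application from the B2C {OIDC:scopes} string.

Added example for a custom-claims REST API; not code from the thread.
App ID URIs below are constructed sample values.
"""

# Constructed: App ID URIs of APIs registered in the B2C tenant.
KNOWN_APP_ID_URIS = {
    "https://contoso.onmicrosoft.com/orders-api",
    "https://contoso.onmicrosoft.com/orders-api-admin",
}


def parse_scopes(scopes: str) -> list[str]:
    """{OIDC:scopes} is one space-separated string; tolerate repeated spaces."""
    return scopes.split()


def scope_belongs_to(scope: str, app_id_uri: str) -> bool:
    """True when `scope` is the App ID URI itself or `<App ID URI>/<permission>`.

    Matching on the URI boundary keeps '.../orders-api-admin/read' from being
    attributed to '.../orders-api', which a plain substring test would do.
    """
    base = app_id_uri.rstrip("/")
    return scope == base or scope.startswith(base + "/")


def resolve_audiences(scopes: str) -> dict[str, list[str]]:
    """Map each known App ID URI present in the scopes to the permissions requested on it.

    Scopes for resources outside the tenant (openid, offline_access,
    Microsoft Graph) match no known URI and are ignored.
    """
    audiences: dict[str, list[str]] = {}
    for scope in parse_scopes(scopes):
        for uri in KNOWN_APP_ID_URIS:
            if scope_belongs_to(scope, uri):
                permission = scope[len(uri.rstrip("/")):].lstrip("/") or "<default>"
                audiences.setdefault(uri, []).append(permission)
                break
    return audiences


def is_cross_app_request(scopes: str, calling_app_id_uri: str) -> bool:
    """True if a token is being requested for an application other than the caller.

    `calling_app_id_uri` is the App ID URI of the app that {OIDC:ClientId}
    identifies; mapping ClientId to that URI is assumed to happen elsewhere.
    """
    caller = calling_app_id_uri.rstrip("/")
    return any(uri != caller for uri in resolve_audiences(scopes))
```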