Azure B2C custom policy REST API CALL not working for Microsoft account

I have added Microsoft IDP to Custom Policy using this link: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account-custom?tabs=applications. The user can click the Microsoft Account button and use their MSA account to sign-up\sign-in. When the user signs up using MS account we'd like to validate the e-mail against our database. If the user's email is in our database, let them proceed and signup; otherwise we'd like to prevent them from signing up and display an error message. This would prevent creating a User in our Azure B2C AD. I used the following TechnicalProfile in

<ClaimsProvider>
  <Domain>live.com</Domain>
  <DisplayName>Microsoft Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="MSA-OIDC">
      <DisplayName>Microsoft Account</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <Item Key="ProviderName">https://login.live.com</Item>
        <Item Key="METADATA">https://login.live.com/.well-known/openid-configuration</Item>
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid profile email</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">12344</Item>
      </Metadata>

      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_MSASecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
        <OutputClaim ClaimTypeReferenceId="email" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="REST-ValidateProfile" />
      </ValidationTechnicalProfiles>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

I added REST API Call

<ValidationTechnicalProfiles>
  <ValidationTechnicalProfile ReferenceId="REST-ValidateProfile" />
</ValidationTechnicalProfiles>

but it is not working. Any idea?

Check whether you mentioned the Self Asserted Technical profile in the custom policy which collects the user details submitted to B2C, and you can validate the email using the REST API.

For more information you can go through these articles:

  1. REST API Claims exchange integration with user journey to validate user input

  2. LocalAndSocialAccount Sign In and Sign Up policy wiki

And there is a similar discussion related to validating the user input data.
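An added example (not part of the original question or answer, and not Microsoft's code): a sketch of the decision logic behind the REST API that `REST-ValidateProfile` would call, returning the HTTP 409 body (`version`, `status`, `userMessage`) that a B2C RESTful technical profile shows to the user as a validation error. It assumes the profile sends the `email` claim in a JSON body and uses Basic authentication; the allowlist, credentials and function names are hypothetical.

```python
from __future__ import annotations

import base64
import hmac
import json

# Constructed sample data: stands in for the user database from the question.
ALLOWED_EMAILS = {"alice@example.com", "bob@example.com"}
# Hypothetical credentials; in B2C they would live in policy keys referenced
# from the REST technical profile's CryptographicKeys element.
API_USER, API_PASSWORD = "b2c-policy", "constructed-secret"


def b2c_error(message: str) -> tuple[int, dict]:
    """Validation-error response: B2C displays userMessage and stops the step."""
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def authorized(auth_header: str | None) -> bool:
    """Check HTTP Basic credentials with a constant-time comparison."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        supplied = base64.b64decode(auth_header[6:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = f"{API_USER}:{API_PASSWORD}".encode()
    return hmac.compare_digest(supplied, expected)


def validate_signup(raw_body: bytes, auth_header: str | None) -> tuple[int, dict]:
    """Return (HTTP status, JSON body) for one claims-exchange request."""
    if not authorized(auth_header):
        return 401, {}
    try:
        claims = json.loads(raw_body)
    except ValueError:  # covers bad JSON and bad UTF-8
        return b2c_error("Malformed request.")
    email = claims.get("email") if isinstance(claims, dict) else None
    if not isinstance(email, str) or not email.strip():
        # Fail closed: a missing email claim must block sign-up, not pass it.
        return b2c_error("No email address was received for this account.")
    if email.strip().casefold() not in ALLOWED_EMAILS:
        return b2c_error("This email address is not registered for sign-up.")
    return 200, {}
```

The empty-claim branch matters for social sign-up: if the identity provider does not return an `email` claim, the API rejects the request instead of letting the account be created unvalidated.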
