Rest API 在 Azure AD B2C 中调用自定义策略

Question

I am new and have tried to build custom policy for sign-in by invoking a REST API call to legacy.

The API expects below parameters as input: client_id=fixed value, client_secret=fixed value, grant_type=fixed value, scope=fixed value, username=variable, password=variable

The above parameters are not for Azure valued but some fixed values that need to be sent in the request.

I have added few portions in the extensions custom policy but seems the request body is not forming correctly and I am getting the error The claims exchange User Migration Via Legacy specified in step '1' returned HTTP error response with Code Bad Request and Reason 'Bad Request'. What am I doing wrong here? Please help.

Added my portion:

  <BuildingBlocks>
<ClaimsSchema>
  <ClaimType Id="RequestBody">
    <DisplayName>Request body</DisplayName>
    <DataType>string</DataType>
    <UserHelpText>RequestBody</UserHelpText>
  </ClaimType>
</ClaimsSchema>
<ClaimsTransformations>
    <ClaimsTransformation Id="GenerateRequestBody" TransformationMethod="GenerateJson">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="username" />
      <InputClaim ClaimTypeReferenceId="password" TransformationClaimType="password" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="client_id" DataType="string" Value="client" />
      <InputParameter Id="client_secret" DataType="string" Value="sec" />
      <InputParameter Id="grant_type" DataType="string" Value="grant" />
      <InputParameter Id="scope" DataType="string" Value="scope" />
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="RequestBody" TransformationClaimType="outputClaim" />
    </OutputClaims>
  </ClaimsTransformation>
</ClaimsTransformations>

<ClaimsProviders>
  <ClaimsProvider>
  <DisplayName>REST API to communicate with Legacy IdP</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="UserMigrationViaLegacyIdp">
      <DisplayName>REST API call to communicate with Legacy IdP</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="AllowInsecureAuthInProduction">true</Item>
        <Item Key="ClaimUsedForRequestPayload">RequestBody</Item>
      </Metadata>
      <InputClaimsTransformations>
        <InputClaimsTransformation ReferenceId="GenerateRequestBody" />
      </InputClaimsTransformations>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="RequestBody" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="tokenSuccess" DefaultValue="false" />
        <OutputClaim ClaimTypeReferenceId="migrationRequired" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Answer 1

Can you share the actual JSON created by the claim transformation? Is it well formatted? You can make troubleshooting easy by displaying the output of <InputClaimsTransformation ReferenceId="GenerateRequestBody" /> before you actually use it as input claim inside the REST API technical profile. This will reveal what's going on with your JSON format.

To do that, first create a self asserted technical profile and add <InputClaimsTransformation ReferenceId="GenerateRequestBody" /> as an output claim transformation to it. Your output claim should be the claim which you will use later in next step in the journey.

In the user journey, add a step that calls the self asserted technical profile. Add next step with App Insights to write the output claim to App Insights( https://docs.microsoft.com/en-us/azure/active-directory-b2c/analytics-with-application-insights )

This will document claim value that REST API is receiving.