Azure B2C Rest API Error Still Creating Account

I have created a REST API for Azure B2C to return a claim or an error during the account creation flow.

In my Custom Policy I have hooked up the API and it gets called.

However, if the API returns either a 400 or 409, the account is still created but the user is presented with the error message on the create page. The user's account is still created despite the error.

The user then fixes the error and clicks create again but can't create the account because it was already created.

I have followed the instructions here:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-rest-api-claims-validation

My Claims Provider looks like this and the claim from the REST API is called VerifiedDateOfBirth:

<ClaimsProvider>
    <DisplayName>REST API</DisplayName>
    <TechnicalProfiles>
        <TechnicalProfile Id="REST-Validation">
            <DisplayName>Check date of birth</DisplayName>
            <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
            <Metadata>
                <!-- Set the ServiceUrl with your own REST API endpoint -->
                <Item Key="ServiceUrl">{REST URL}</Item>
                <Item Key="SendClaimsIn">Body</Item>
                <!-- Set AuthenticationType to Basic or ClientCertificate in production environments -->
                <Item Key="AuthenticationType">None</Item>
                <!-- REMOVE the following line in production environments -->
                <Item Key="AllowInsecureAuthInProduction">true</Item>
            </Metadata>
            <InputClaims>
                <!-- Claims sent to your REST API -->
                <InputClaim ClaimTypeReferenceId="dateOfBirth" />
            </InputClaims>
            <OutputClaims>
                <!-- Claims parsed from your REST API -->
                <OutputClaim ClaimTypeReferenceId="VerifiedDateOfBirth" />
            </OutputClaims>
            <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>
    </TechnicalProfiles>
</ClaimsProvider>

And the technical profile:

<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
    <DisplayName>Email signup</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
        <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
        <Item Key="language.button_continue">Create</Item>
    </Metadata>
    <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
    </CryptographicKeys>
    <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" />
    </InputClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectId" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
        <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
        <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
        <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
        <OutputClaim ClaimTypeReferenceId="newUser" />
        <!-- Optional claims, to be collected from the user -->
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surName" />
        <OutputClaim ClaimTypeReferenceId="dateOfBirth" Required="true" />
        <OutputClaim ClaimTypeReferenceId="VerifiedDateOfBirth" Required="true" />
    </OutputClaims>
    <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
        <ValidationTechnicalProfile ReferenceId="REST-Validation" />
    </ValidationTechnicalProfiles>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

When the error occurs I see the following error on the create page:

[image]

Do I need to add some additional configuration?

The order of your validation profiles matters in your LocalAccountSignUpWithLogonEmail technical profile. It looks like the first validation that was taking place was the writing of the user account.

Try this instead:

<ValidationTechnicalProfiles>
  <ValidationTechnicalProfile ReferenceId="REST-Validation" />
  <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
</ValidationTechnicalProfiles>
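
The ordering rule from the answer can be checked mechanically before a policy is uploaded. The following Python lint is an added example, not part of the original question or answer. It assumes the directory write profile is defined in the same file with an `Operation` metadata item set to `Write`, and its sample policy is constructed from the question's snippets. It also reports the `AuthenticationType` of `None` that the question's own comments say to change for production.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the policy in the question, plus an ASSUMED
# definition of AAD-UserWriteUsingLogonEmail (Operation=Write) that the page does not show.
SAMPLE_POLICY = """
<TrustFrameworkPolicy>
  <TechnicalProfile Id="REST-Validation">
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine" />
    <Metadata>
      <Item Key="AuthenticationType">None</Item>
    </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
    <Metadata><Item Key="Operation">Write</Item></Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
    <ValidationTechnicalProfiles>
      <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
      <ValidationTechnicalProfile ReferenceId="REST-Validation" />
    </ValidationTechnicalProfiles>
  </TechnicalProfile>
</TrustFrameworkPolicy>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def lint_policy(xml_text):
    """Return (profile_id, message) findings for a custom policy document."""
    root = ET.fromstring(xml_text)
    profiles = [e for e in root.iter() if local(e.tag) == "TechnicalProfile"]
    rest, writes, findings = set(), set(), []
    for tp in profiles:
        meta = {i.get("Key"): (i.text or "").strip()
                for i in tp.iter() if local(i.tag) == "Item"}
        handler = next((p.get("Handler", "") for p in tp.iter() if local(p.tag) == "Protocol"), "")
        if "RestfulProvider" in handler:
            rest.add(tp.get("Id"))
            if meta.get("AuthenticationType") == "None":
                findings.append((tp.get("Id"), "REST endpoint called without authentication"))
        if meta.get("Operation") == "Write":
            writes.add(tp.get("Id"))
    for tp in profiles:
        refs = [v.get("ReferenceId") for v in tp.iter() if local(v.tag) == "ValidationTechnicalProfile"]
        for pos, ref in enumerate(refs):
            # A REST check listed after a write profile runs only once the account exists.
            earlier_writes = [r for r in refs[:pos] if r in writes]
            if ref in rest and earlier_writes:
                findings.append((tp.get("Id"), f"{ref} runs after directory write {earlier_writes[0]}"))
    return findings
```

Running `lint_policy(SAMPLE_POLICY)` reports both the ordering problem and the unauthenticated REST call. With the two validation profiles swapped as in the answer, only the authentication finding remains.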

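Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you republish this content, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.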
