How to add custom claims to azure b2c access token?

I have an Azure Active Directory B2C account. The client and web API of the application are registered there. There are also user flows, for example, for registration and login. A web API (ASP.NET Core Web API) is protected by a B2C token. How do I implement the logic in which, after the user logs in to the system, the web API application can validate the B2C token and exchange it for its own token, with the claims I need? Or maybe you can immediately add your custom claims to the B2C token? Provided that claims are stored in a database on their own server.

I studied a bunch of documentation from Microsoft. The first thing I discovered was the use of API connectors. https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-api-connector-token-enrichment?pivots=b2c-user-flow Maybe this is my decision? But I didn't understand how to check this locally from localhost.

Please share the best practices for writing such logic.

As per your link, you need to use custom policies.

In the link, you see e.g. "balance" (a custom claim) returned from the API call and added to the JWT for the RelyingParty.

You don't need to convert tokens - just call the API.

There are a number of options to secure your API.

You can return error messages.
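
A sketch of the kind of endpoint the answer describes, as an added example that is not part of the original answer or of Microsoft's sample: an ASP.NET Core minimal API that B2C calls server to server, protected with HTTP Basic credentials, returning the custom claim `balance` from a lookup keyed by `objectId`. The route, the `Connector:*` configuration keys, the in-memory dictionary standing in for the database, and the assumption that the policy sends `objectId` and maps `balance` to an output claim are all illustrative.

```csharp
// Added example; assumes a .NET 6+ web project with implicit usings enabled.
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed sample data standing in for the claims database (hypothetical user id).
var balances = new Dictionary<string, string>
{
    ["00000000-0000-0000-0000-000000000001"] = "202.75"
};

// Basic credentials that B2C is configured to send; the key names are hypothetical.
var user = app.Configuration["Connector:Username"]
    ?? throw new InvalidOperationException("Connector:Username is not configured");
var pass = app.Configuration["Connector:Password"]
    ?? throw new InvalidOperationException("Connector:Password is not configured");
var expected = Encoding.UTF8.GetBytes($"{user}:{pass}");

// Reject anything that does not carry the expected "Basic base64(user:pass)" header.
bool IsAuthorized(string header)
{
    const string prefix = "Basic ";
    if (!header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return false;
    try
    {
        var presented = Convert.FromBase64String(header[prefix.Length..].Trim());
        // Constant-time comparison; also returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(presented, expected);
    }
    catch (FormatException) { return false; }
}

app.MapPost("/api/enrich", (HttpRequest http, EnrichRequest body) =>
{
    if (!IsAuthorized(http.Headers.Authorization.ToString()))
        return Results.Unauthorized();

    // Unknown user: 409 with a userMessage, the error shape a B2C REST technical profile shows.
    if (body.ObjectId is null || !balances.TryGetValue(body.ObjectId, out var balance))
        return Results.Conflict(new { version = "1.0.0", status = 409,
            userMessage = "No account data found for this user." });

    return Results.Ok(new { balance }); // serialized as {"balance":"202.75"}
});

app.Run();

record EnrichRequest(string? ObjectId);
```

B2C calls this endpoint from Azure, so it cannot reach localhost directly; locally, the handler can be exercised by POSTing `{"objectId": "..."}` with the Basic header yourself.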
