
Optional sign in + SSO with azure ad b2c

I have an application which has multiple frontend SPAs (mostly React). They allow the user to sign in if they want to access privileged features, but an unauthenticated user is still able to access the site. Each SPA will access some backend APIs using a token if they are authenticated. All of these sites should function transparently when it comes to login, so if you log in on one site, it should be automatically propagated to all the sites (SSO).

When a site first loads we want to get the token for the user if they are logged in with SSO. If we use the redirect flow and the user isn't signed in, we will end up on the sign in page, which isn't what we want as we allow anonymous access. We only want to show the login page if the user explicitly clicks the login link on a site.

Is there a way to check if the user is logged into SSO without redirecting to the login page?

We have looked at ssoSilent (from msal), which functionally does what we want; however, it's only supported via third-party cookies, which don't work in some browsers.

I have thought perhaps we could redirect to a silent login page which, if the user isn't logged in, will just redirect back with an anonymous flag in the queryString, but I don't know if there's a way to do this with azure b2c.

The only method is ssoSilent(), or your own implementation of it via iframe. It should work as long as your app is on the same root domain as the AAD B2C login page, which you can do with the Custom Domain feature.

There is no API endpoint available to do what you want.
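As an added example (not code from the question, the answer, or MSAL itself), here is the startup step the answer implies: probe for an existing B2C session silently and fall back to the anonymous state instead of redirecting to the login page. It uses the MSAL.js v2 method names (getAllAccounts, acquireTokenSilent, ssoSilent); the scope string and the `makeFakeMsal` test double are constructed stand-ins so the file runs offline without @azure/msal-browser.

```javascript
// Added example: the "probe for an SSO session, otherwise stay anonymous" startup
// step for an optional-login SPA, using the MSAL.js v2 method names. In production
// `msal` is `new PublicClientApplication(config)` from @azure/msal-browser.

const SCOPES = ["https://contoso.onmicrosoft.com/api/read"]; // hypothetical API scope

// Codes that mean "no usable B2C session" rather than "something broke"; for a site
// with anonymous access these are simply the anonymous state. monitor_window_timeout is
// what you get when the hidden iframe never returns, e.g. the B2C cookie is third-party
// to the app and the browser blocks it.
const ANONYMOUS_CODES = new Set([
  "interaction_required", "login_required", "consent_required", "monitor_window_timeout",
]);

function isAnonymousError(err) {
  return Boolean(err && ANONYMOUS_CODES.has(err.errorCode));
}

async function acquireSessionSilently(msal) {
  // 1. An account cached from an earlier visit avoids the iframe round trip entirely.
  const [cached] = msal.getAllAccounts();
  if (cached) {
    const res = await msal.acquireTokenSilent({ scopes: SCOPES, account: cached });
    return { authenticated: true, account: res.account, accessToken: res.accessToken };
  }
  // 2. Otherwise ask B2C through a hidden iframe. This only works when the B2C session
  //    cookie is first-party to the SPA, i.e. B2C runs on a custom domain under the
  //    same root domain as the app.
  try {
    const res = await msal.ssoSilent({ scopes: SCOPES });
    return { authenticated: true, account: res.account, accessToken: res.accessToken };
  } catch (err) {
    if (isAnonymousError(err)) return { authenticated: false, account: null, accessToken: null };
    throw err; // config or network failures must surface, not be hidden as "anonymous"
  }
}

// Constructed stand-in for PublicClientApplication so the example runs offline (test double).
function makeFakeMsal({ cachedAccount = null, ssoSession = null } = {}) {
  const noSession = Object.assign(new Error("no B2C session"), { errorCode: "interaction_required" });
  return {
    getAllAccounts: () => (cachedAccount ? [cachedAccount] : []),
    acquireTokenSilent: async ({ account }) => ({ account, accessToken: "cached-token" }),
    ssoSilent: async () => {
      if (!ssoSession) throw noSession;
      return { account: ssoSession, accessToken: "sso-token" };
    },
  };
}
```

Call `acquireSessionSilently` once on page load and render the login link only when `authenticated` is false; the explicit login click is the only place `loginRedirect` should ever be invoked.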
