stackoom
  简体   繁体   中英

Get the Azure AD B2C scope in the custom policy

 原文  2018-03-15 14:39:57       azure/ azure-ad-b2c

Question

I try to create a custom policy and I want to get some claims and send its to my REST API. My API is called with email, givenName, etc... but claims passed by query string like client_id, resource_id and mostly scope are empty.

I found a workaround to get the client_id here : Get the Azure AD B2C Application client id in the custom policy

But I found nothing about the scope.

Here my claims provider for REST API :

<ClaimsProvider>
    <DisplayName>REST API</DisplayName>
    <TechnicalProfiles>
        <TechnicalProfile Id="AzureFunction-SendClaims">
            <DisplayName>Send Claims</DisplayName>
            <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
            <Metadata>
                <Item Key="ServiceUrl">https://XXXX.azurewebsites.net/api/XXXX</Item>
                <Item Key="AuthenticationType">None</Item>
                <Item Key="SendClaimsIn">Body</Item>
            </Metadata>
            <InputClaims>
                <InputClaim ClaimTypeReferenceId="givenName"/>
                <InputClaim ClaimTypeReferenceId="client_id" PartnerClaimType="clientId" DefaultValue="{OIDC:ClientId}"/>
                <InputClaim ClaimTypeReferenceId="resource_id"/>
                <InputClaim ClaimTypeReferenceId="email"/>
                <InputClaim ClaimTypeReferenceId="otherMails"/>
                <InputClaim ClaimTypeReferenceId="grant_type"/>
                <InputClaim ClaimTypeReferenceId="scope"/>
            </InputClaims>
        </TechnicalProfile>
    </TechnicalProfiles>
</ClaimsProvider>

3 answers

solution1
 0  2018-03-16 13:23:32

I don't think there is a way to get the scopes. You can see a list of claims and properties that are available to access from within the B2C policy here

solution2
 0  2018-08-31 10:46:51

The Scope can be retrieved by using the OpenId connect claims resolver:

<InputClaim ClaimTypeReferenceId="Scope" DefaultValue="{OIDC:Scope}"/>

Please see the documentation for the OpenID Connect-specific claims

solution3
 0  2020-02-25 01:11:51

In your custom policy, feel free and safe to send the variables in a plain way. The context of passing a scope is when you're calling a REST API from a user session, so you must request a custom policy token.

You can do it in two ways, by using the MSAL library (I prefer this): https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-acquire-token?tabs=aspnetcore

Or , by calling the custom policy directly and in the string query in the scope section ie

scope=openid profile offline_access https://yourtenant.onmicrosoft.com/demoapi/demo.read https://kytos.onmicrosoft.com/demoapi/demo.write

don't forget the html encode scope=openid%20profile%20offline_access%20https%3A%2F....

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Change Background image of azure ad b2c in custom policy Azure AD B2C custom policy to enable/disable MFA Azure AD B2C UI customization for custom policy Azure AD B2C Custom policy language translation Azure AD B2C Custom Policy error message customization Azure AD B2C Custom Policy + Application Insights Azure AD B2C passwordless sign in custom Policy Azure AD B2C Custom SignIn Policy Displays SignUpSignIn Azure AD B2C Custom Policy - Bind MultiCheckbox dynamically Facebook login via Azure AD B2C custom policy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM