I try to create a custom policy and I want to get some claims and send its to my REST API. My API is called with email, givenName, etc... but claims passed by query string like client_id, resource_id and mostly scope are empty.
I found a workaround to get the client_id here : Get the Azure AD B2C Application client id in the custom policy
But I found nothing about the scope.
Here my claims provider for REST API :
<ClaimsProvider>
<DisplayName>REST API</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="AzureFunction-SendClaims">
<DisplayName>Send Claims</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<Metadata>
<Item Key="ServiceUrl">https://XXXX.azurewebsites.net/api/XXXX</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="SendClaimsIn">Body</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="givenName"/>
<InputClaim ClaimTypeReferenceId="client_id" PartnerClaimType="clientId" DefaultValue="{OIDC:ClientId}"/>
<InputClaim ClaimTypeReferenceId="resource_id"/>
<InputClaim ClaimTypeReferenceId="email"/>
<InputClaim ClaimTypeReferenceId="otherMails"/>
<InputClaim ClaimTypeReferenceId="grant_type"/>
<InputClaim ClaimTypeReferenceId="scope"/>
</InputClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
I don't think there is a way to get the scopes. You can see a list of claims and properties that are available to access from within the B2C policy here
The Scope can be retrieved by using the OpenId connect claims resolver:
<InputClaim ClaimTypeReferenceId="Scope" DefaultValue="{OIDC:Scope}"/>
Please see the documentation for the OpenID Connect-specific claims
In your custom policy, feel free and safe to send the variables in a plain way. The context of passing a scope is when you're calling a REST API from a user session, so you must request a custom policy token.
You can do it in two ways, by using the MSAL library (I prefer this): https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-acquire-token?tabs=aspnetcore
Or , by calling the custom policy directly and in the string query in the scope section ie
scope=openid profile offline_access https://yourtenant.onmicrosoft.com/demoapi/demo.read https://kytos.onmicrosoft.com/demoapi/demo.write
don't forget the html encode scope=openid%20profile%20offline_access%20https%3A%2F....
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.