Azure AD B2C: How to differentiate the serviceUrl of a called REST API based on a value from the consuming app

I am investigating the possibilities of Azure AD B2C. I have the following use case:

I have a Xamarin Forms app. In the current app, a user can choose three different environments (A, B, C) when logging in. Each environment has a separate - but similar - website, think of it as staging environments. So the choice of environment dictates on which website the actual login takes place. A user should be able to log out of A and then log in again in B, for example.

Now I want Azure AD B2C to handle the authentication instead. I set up a tenant and created a custom policy to make a REST call to the website to do extra validation steps with the objectid in the last orchestration step. This mechanism is working fine.

The problem is that the serviceUrl of the REST call is slightly different for environments A, B or C. In the orchestration I guess it should be possible to make three separate REST steps and make them conditional on some parameter. The question is which parameter. A custom claim?

The Xamarin app uses MSAL to connect to the tenant.

What mechanism can I use from the app to know in the custom policy that a login is for environment A, B or C?

  • Can it be some parameter?
  • Or should I make three different Application definitions in B2C, and use the ApplicationId to differentiate?

Following Jas's comment, I added WithExtraQueryParameters to the app:

await App.AuthenticationClient
    .AcquireTokenInteractive(scopes: Constants.Scopes)
    .WithExtraQueryParameters(new Dictionary<string, string> { { "website_code", "TEST" } })
    .WithPrompt(Prompt.ForceLogin)
    .WithParentActivityOrWindow(App.UIParent)
    .ExecuteAsync();

Some key snippets from TrustframeworkExtensions.xml:

<ClaimType Id="website_code">
  <DisplayName>Website code</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>The Website code</UserHelpText>
</ClaimType>

<InputClaim ClaimTypeReferenceId="website_code" DefaultValue="{OAUTH-KV:website_code}" AlwaysUseDefaultValue="true" />

<OrchestrationStep Order="7" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>website_code</Value>
      <Value>TEST</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="RESTGetUserClaims_test" TechnicalProfileReferenceId="xxxx_test" />
  </ClaimsExchanges>
</OrchestrationStep>
