Azure SignUp policy needs to return to a different application
Question
I have an Azure policy which works well for authentication users of different roles. I now need to add a SignUp component to this but there are some requirements that I'm not sure are possible.
- I need the policy to return back to a different application than what called it. Say App A has the signup link on it's login page which will invoke the policy's SignUp userjourney. However, I need it to not return back to that same App, instead redirect to App B along with those claims it's gathered. Is this even possible?
- If it were possible (above), how can this be set up under the relyingparty section? I would need to keep what is already there for the userjourney that authentications users, but now also somehow provide what's needed for this SignUp flow.
I am sorry if this is vague. I am just looking to get unstuck. If anyone could provide any sort of nudge in the right direction, I'd be very grateful.
1 answers
solution1
0 ACCPTED 2021-08-22 15:34:15
This idea will not work. This is because, for at least the MSAL authentication library, it will reject a token response if MSAL was not the one who initiated the request. That is built in protection to most libraries, and uses the state parameter in the authentication request to apply this protection. Only responses that come back with the same state parameter will be accepted by the app.
You need to create a link from App 1 to App 2, and have App 2 initiate the Sign Up B2C policy.
The token response URL is controlled by the redirect_uri parameter in the authentication request. Your app will always require this to be configured within it. Both apps should provide a redirect_uri to send the token back to the respective App.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.