How do I add more scopes in Azure B2C user flow?
Question
I have a User Flow configured in Azure B2C.
When I check the .well-known/openid-configuration I have only 'openid' in the scopes_supported.
Can I add other scopes, like profile or offline_access?
{
  "issuer": "https://***.b2clogin.com/tfp/********-ad73-4362-a92f-302dc508e063/b2c_1_***/v2.0/",
  "authorization_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/authorize",
  "token_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/token",
  "end_session_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/logout",
  "jwks_uri": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/discovery/v2.0/keys",
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "code id_token",
    "code token",
    "code id_token token",
    "id_token",
    "id_token token",
    "token",
    "token id_token"
  ],
  "scopes_supported": [
    "openid"
  ],
  "subject_types_supported": [
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "claims_supported": [
    "idp",
    "oid",
    "sub",
    "emails",
    "name",
    "newUser",
    "idp_access_token",
    "tfp",
    "iss",
    "iat",
    "exp",
    "aud",
    "acr",
    "nonce",
    "auth_time"
  ]
}
My main issue is that I cannot get user info. Not sure if it's related to the missing profile scope.
Answer 1
Score: 1
> Note that: Azure AD B2C Application only supports openid and offline_access delegated permissions. Hence, it's not possible to add extra scopes to the Application.
I created an Azure AD B2C Application and added API permissions like below:
I created a Sign up and sign in User flow and added Application claims:
> Based on the requirement, you can select the Application claims.
I ran the user flow and signed in with the user like below:
ID Token got generated successfully with user information:
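The check described in this thread, as an added example that is not part of the original question or answer: it compares requested scopes with `scopes_supported`, notes whether the discovery document lists a `userinfo_endpoint` (the one in the question does not), and reads the user attributes from the ID token's application claims. The host, tenant id, policy name, client id and token are constructed placeholders, and the payload is decoded without signature verification, so a real client must first verify the RS256 signature against the keys at `jwks_uri`.

```python
import base64
import json

# Constructed subset of a discovery document shaped like the one in the
# question; host, tenant id, policy and client id are placeholders.
DISCOVERY = {
    "issuer": "https://example.b2clogin.com/tfp/00000000-0000-0000-0000-000000000000/b2c_1_example/v2.0/",
    "scopes_supported": ["openid"],
    "claims_supported": ["idp", "oid", "sub", "emails", "name", "newUser", "tfp",
                         "iss", "iat", "exp", "aud", "acr", "nonce", "auth_time"],
}
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # placeholder

def b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unverified_claims(id_token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT checked."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-segment compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def audit(discovery: dict, requested: list, id_token: str, client_id: str, now: int) -> dict:
    claims = unverified_claims(id_token)
    problems = []
    if claims.get("iss") != discovery["issuer"]:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return {
        "userinfo_endpoint": "userinfo_endpoint" in discovery,
        # scopes_supported is advisory: a server may accept scopes it does not list
        "unadvertised_scopes": [s for s in requested if s not in discovery["scopes_supported"]],
        "user_claims": {k: claims[k] for k in ("name", "emails", "oid") if k in claims},
        "unadvertised_claims": sorted(set(claims) - set(discovery["claims_supported"])),
        "problems": problems,
    }

# Constructed token: real header/payload encoding, fake signature segment.
SAMPLE_CLAIMS = {"iss": DISCOVERY["issuer"], "aud": CLIENT_ID, "exp": 2000000000,
                 "sub": "constructed-subject", "oid": "constructed-object-id",
                 "name": "Test User", "emails": ["test.user@example.com"]}
SAMPLE_TOKEN = ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(SAMPLE_CLAIMS), "c2ln"])
```

Calling `audit(DISCOVERY, ["openid", "profile", "offline_access"], SAMPLE_TOKEN, CLIENT_ID, now=1700000000)` reports `profile` and `offline_access` as unadvertised while the `name`, `emails` and `oid` claims are still present in the token.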