如何在Azure B2C用户流中添加更多范围?

huangapple go评论68阅读模式
英文:

How do I add more scopes in Azure B2C user flow?

问题

在Azure B2C中,我配置了一个用户流程。

当我检查.well-known/openid-configuration时,我只在scopes_supported中看到了'openid'。

我可以添加其他范围,比如profile或offline_access吗?

英文:

I have a User Flow configured in Azure B2C.

When I check the .well-known/openid-configuration I have only 'openid' in the scopes_supported.

Can I add other scopes, like profile or offline_access?

{
  "issuer": "https://***.b2clogin.com/tfp/********-ad73-4362-a92f-302dc508e063/b2c_1_***/v2.0/",
  "authorization_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/authorize",
  "token_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/token",
  "end_session_endpoint": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/oauth2/v2.0/logout",
  "jwks_uri": "https://***.b2clogin.com/***.onmicrosoft.com/b2c_1_***/discovery/v2.0/keys",
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "code id_token",
    "code token",
    "code id_token token",
    "id_token",
    "id_token token",
    "token",
    "token id_token"
  ],
  "scopes_supported": [
    "openid"
  ],
  "subject_types_supported": [
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "claims_supported": [
    "idp",
    "oid",
    "sub",
    "emails",
    "name",
    "newUser",
    "idp_access_token",
    "tfp",
    "iss",
    "iat",
    "exp",
    "aud",
    "acr",
    "nonce",
    "auth_time"
  ]
}

My main issue is that I cannot get user info. Not sure if it's related to the missing profile scope.

答案1

得分: 1

请注意:Azure AD B2C应用程序仅支持openidoffline_access委派权限。因此,无法向应用程序添加额外的范围。

我创建了一个Azure AD B2C应用程序,并添加了API权限,如下图所示:

我创建了一个注册和登录用户流,并添加了应用程序声明:

根据需求,您可以选择应用程序声明。

我运行了用户流并以以下方式登录用户:

ID令牌成功生成,并包含用户信息。

英文:

> Note that: Azure AD B2C Application only supports openid and offline_access delegated permissions only. Hence, it's not possible to add extra scopes to the Application.

如何在Azure B2C用户流中添加更多范围?

I created an Azure AD B2C Application and added API permissions like below:

如何在Azure B2C用户流中添加更多范围?

I created a Sign up and sign in User flow and added Application claims:

> Based on the requirement, you can select the Application claims.

如何在Azure B2C用户流中添加更多范围?

I run the user flow and signed-in with the user like below:

如何在Azure B2C用户流中添加更多范围?

ID Token got generated successfully with user information:

如何在Azure B2C用户流中添加更多范围?

huangapple
  • 本文由 发表于 2023年5月10日 18:27:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/76217327.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定