ADB2C: Read extension properties using the SignInWithMagicLink custom policy
Question
I am using the custom policy for signing in with SignInWithMagicLink here:
https://github.com/azure-ad-b2c/samples/blob/master/policies/sign-in-with-magic-link/policy/SignInWithMagicLink.xml
I have extension properties defined in ADB2C; however, I am unable to read them using the above custom policy. It makes use of the AAD-UserReadUsingEmailAddress technical profile to read the claims. I have added my extension property as an output claim, but the value is not being read.
Can anybody figure out why this is not working?
I have added the output claim for the extension property here:
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
        <Metadata>
          <!--Sample: don't raise error if user not found. We have an orchestration step to handle the error message-->
          <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
          <Item Key="client_id">...</Item>
        </Metadata>
        <OutputClaims>
          <!--Sample: add optional claims to read from the directory-->
          <OutputClaim ClaimTypeReferenceId="givenName"/>
          <OutputClaim ClaimTypeReferenceId="surname"/>
          <OutputClaim ClaimTypeReferenceId="extension_crmid" />
        </OutputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
Answer 1
Score: 1
OK, after some digging I found that the clientId I was sending to AAD-UserReadUsingEmailAddress was incorrect.
To be able to make extension attributes available to technical profiles like UserReadUsingEmailAddress and AAD-UserReadUsingObjectId, we have to specify the ClientId and ObjectId of the b2c-extensions-app found under App Registrations > All Applications.
So, I removed client_id from the Metadata of AAD-UserReadUsingEmailAddress, and instead added it under the AAD-Common TechnicalProfile that is referenced by UserReadUsingEmailAddress and AAD-UserReadUsingObjectId:
<TechnicalProfile Id="AAD-Common">
  <DisplayName>Azure Active Directory</DisplayName>
  <Metadata>
    <Item Key="ApplicationObjectId">b2c-extensions-app object id</Item>
    <Item Key="ClientId">b2c-extensions-app client id</Item>
  </Metadata>
</TechnicalProfile>
This information is provided below:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-create-custom-attributes-profile-edit-custom
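As an added example (not code from the question, the answer or the B2C sample repository), the following lint parses a B2C custom policy and reports any technical profile that outputs extension_* claims without the b2c-extensions-app ClientId and ApplicationObjectId metadata reachable directly or through its IncludeTechnicalProfile chain, which is exactly the gap the answer closed by moving the ids into AAD-Common. The embedded policy fragment is constructed for the demo, with placeholder ids.

```python
"""Lint a B2C custom policy: a technical profile that outputs extension_* claims
must carry ClientId and ApplicationObjectId metadata, itself or via includes."""
import xml.etree.ElementTree as ET

NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
REQUIRED = {"ClientId", "ApplicationObjectId"}

def metadata_keys(profiles, tp_id, seen=None):
    """Metadata keys of a profile plus those inherited via IncludeTechnicalProfile."""
    seen = seen if seen is not None else set()
    if tp_id in seen or tp_id not in profiles:  # cycle guard / dangling reference
        return set()
    seen.add(tp_id)
    tp = profiles[tp_id]
    keys = {i.get("Key") for i in tp.iterfind("b2c:Metadata/b2c:Item", NS)}
    for inc in tp.iterfind("b2c:IncludeTechnicalProfile", NS):
        keys |= metadata_keys(profiles, inc.get("ReferenceId"), seen)
    return keys

def lint_extension_claims(policy_xml):
    """Return (profile id, message) findings for extension claims that cannot be read."""
    root = ET.fromstring(policy_xml)
    profiles = {tp.get("Id"): tp for tp in root.iterfind(".//b2c:TechnicalProfile", NS)}
    findings = []
    for tp_id in profiles:
        ext = [c.get("ClaimTypeReferenceId") for c in
               profiles[tp_id].iterfind("b2c:OutputClaims/b2c:OutputClaim", NS)
               if c.get("ClaimTypeReferenceId", "").startswith("extension_")]
        missing = REQUIRED - metadata_keys(profiles, tp_id)
        if ext and missing:
            findings.append((tp_id, f"outputs {ext} but no {sorted(missing)} metadata"))
    return findings

# Constructed sample (not the page's full policy): only AAD-Common carries the
# extensions-app ids, so the IncludeTechnicalProfile link makes the claim readable.
POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="AAD-Common"><Metadata>
   <Item Key="ClientId">PLACEHOLDER-extensions-app-client-id</Item>
   <Item Key="ApplicationObjectId">PLACEHOLDER-extensions-app-object-id</Item>
  </Metadata></TechnicalProfile>
  <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
   <OutputClaims><OutputClaim ClaimTypeReferenceId="extension_crmid"/></OutputClaims>
   %s
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>"""
WITH_INCLUDE = POLICY % '<IncludeTechnicalProfile ReferenceId="AAD-Common"/>'
WITHOUT_INCLUDE = POLICY % ""
```

lint_extension_claims(WITHOUT_INCLUDE) returns one finding naming AAD-UserReadUsingEmailAddress, while lint_extension_claims(WITH_INCLUDE) returns an empty list.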