Using Azure AD B2C with Bot

问题

I've created a bot in Azure that uses a SignInCard to give users the option to log-in or register as customers. This is the SignInCard I currently have:

messageActivity.Attachments.Add(new SigninCard()
            {
                Buttons = new List<CardAction>()
                {
                    new CardAction()
                    {
                        Title = "Log in here",
                        DisplayText = "Log in here",
                        Value = "https://login.microsoftonline.com/XXXXXXXX.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_SiUp&client_id=XXXXX-XXXX-XXXX-XXXX-XXXXXXXd&nonce=defaultNonce&redirect_uri=http%3A%2F%2Flocalhost%3A3980%2Fapi%2Flogin&scope=openid&response_type=id_token&prompt=login",
                        Text = "Sign in/Register",
                        Type = ActionTypes.Signin,                        
                    }
                }                
            }.ToAttachment());

The bot correctly shows the card and when I click it, it opens the browser with the correct providers, that work perfectly (I can sign-in and register).

On my end, I have a Web API with a LoginController mapped to my Return Url (that is localhost:3980/api/login).

To verify that the Return Url is being called, I put a breakpoint in LoginControl.Get:

public class LoginController : ApiController
{
    [HttpGet]
    public IHttpActionResult Get()
    {
        return Ok();     //The breakpoint here is hit!
    }
}

After login, the Get method is called as the breakpoint is hit, But what comes next? I don't know how to proceed.

The only think I've discovered is that the LoginController.Get method is being invoked by Azure B2C AD with a URL like this:

http://localhost:3980/api/login#id_token=eyJ0eXAi...

I guess it's that URL what is being called because it shows in the address bar of my browser.

So, it's sending something called "id_token", but inside the Controller.Get method I cannot seem to have access to it.

What's the id_token? How to get it?

回答1:

AuthBot and also BotAuth are samples which contain authentication implementation approaches.

You have to use Graph Api for to getting user principles using token received from authenticator service (More specific to Azure Active Directory). Token will receive in call back url which you have configured in AAD application.

In samples, you will get a complete implementation of user authentication.

Hope this will help you.

来源：https://stackoverflow.com/questions/51533608/using-azure-ad-b2c-with-bot