How to hook into AuthorizationCodeReceived when using AddAzureADB2C?

落爺英雄遲暮 submitted on 2020-05-17 08:25:52

Question


I've created a simple Blazor server application linking to an Azure B2C directory for authorization. Everything works but I need to add additional role claims to the token. Research has pointed me to this SO post which refers to adding the claims during the AuthorizationCodeReceived notification (example here).

I understand what I need to do, but the example is using OpenIdConnectAuthentication (from Microsoft.Owin.Security.OpenIdConnect) instead of Blazor server's Microsoft.AspNetCore.Authentication.AzureADB2C.UI.

How can I still access and amend the claims in the token once it's received? Is such a thing supported in Microsoft.AspNetCore.Authentication.AzureADB2C.UI or should I be switching to OpenId?

Below is the boilerplate included in a basic Blazor server application but the AzureADB2COptions are all just string config values.

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
            .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

        services.AddRazorPages();
        services.AddServerSideBlazor().AddCircuitOptions(o =>
        {
            if (_environment.IsDevelopment()) //only add details when debugging
            {
                o.DetailedErrors = true;
            }
        });

        // remaining service configuration
    }

Answer 1:


You can try to override the specific schema after AddAzureADB2C, then register your events like:

    services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
    {
        options.ResponseType = "code";
        options.Events = new OpenIdConnectEvents
        {
            OnAuthorizationCodeReceived = async ctx =>
            {
                // ..... (handler body elided in the answer)
            },
        };
    });

Use options.ResponseType = "code" to trigger the access token exchange, otherwise OnAuthorizationCodeReceived won't fire. You can follow the code sample from here; that code sample doesn't directly use the library, but has the same logic as Microsoft.AspNetCore.Authentication.AzureADB2C.UI.



Source: https://stackoverflow.com/questions/59664401/how-to-hook-into-authorizationcodereceived-when-using-addazureadb2c
