azure-ad-b2c

问题 How can I request an Access Token in Postman against an Azure AD B2C tenant? I tried taking the url from Run Now in the Azure portal and putting that in the Auth Url but that produces the following error: Update Following Chris's answer, I'm now past the above error. I'm able to sign-in but still can't get an access token: AADB2C90085: The service has encountered an internal error. Please reauthenticate and try again. Correlation ID: 45c56d47-4739-465f-8e02-49ba5b3a1b86 Timestamp: 2017-11-16

问题 We are using custom SignIn/SigUp Policy, configured Facebook, LinkedIn, Twitter, Google+ as Social IDP's. We have built a custom page where we ask the user for their email and then redirect them to the particular IDP page (we have logic built around this) using domain_hint , for example: domain_hint=facebook.com . I want to pass the email address entered by the user in the first step in login_hint along with domain_hint so that the user doesn't have to enter the email once again when

问题 Hi I started with the sample here https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi And manqaged to get the TaskWebApp talking to the TaskService. I now want to extend the solution to have a 3rd service Im not sure if the problem is within the ConfidentialClientApplication as when it fails to get my tokens i get no exception. I think the issue is the COnfigureApp method in my TaskWebApp is only expecting to manage tokens from the single TokenService. Here is my

问题 I am using Azure AD B2C as an authentication portal. I am trying to guarantee that the Google+ always goes to select account page, by sending the query parameter prompt=select_account. But I am having an hard time reaching this behavior. From google documentation, https://developers.google.com/identity/protocols/OpenIDConnect, it's possible to receive this parameter, which will guarantee that user goes to select account. When following the documentation, https://docs.microsoft.com/en-us/azure

问题 I would like the policyId to be included in the claims that are returned when my Customized SignUpSignIn policy is executed. I think this should be in claim Id tfp . There is an article on how to do this. In the section "Setting claim representing policy ID" it says to include the key AuthenticationContextReferenceClaimPattern in the "Token Issuer" ClaimsProvider override. <ClaimsProviders> <ClaimsProvider> <DisplayName>Token Issuer</DisplayName> <TechnicalProfiles> <TechnicalProfile Id=

问题 I am looking for a way to authenticate a user by username/password in a headless manner for Azure AD b2c. Azure AD b2c is great but we feel the redirects for logins can lead to confusion among customers (and sometimes even prevented by some browsers). Also we want to be in full control of the customers UX experience. I have researched ADAL and the Graph API but have not found anything yet. Gina 回答1: As mentioned here, you can use Azure AD Apps for the Client Credential Flow for Service

问题 The user could signup and can sign in just fine using Azure AD B2C with an email that contains + . However, when clicking "Forgot password" link on the sign-in page and entering their e-mail with a + char the following error is displayed: I saw 2 related issues on Azure's feedback site: allow plus sign in email addresses [ there's a comment by user Naud van Onna that matches this question. ] I've seen a successful sign-up using a '+' symbol in the email address as well. Unfortunately the

问题 Two part question: On starting up, My Xamarin.Forms app.cs navigates to a login page (ContentPage) with a button. I click the button and I login successfully with this event handler in the app code behind: async void OnLoginButtonClicked(object sender, EventArgs e) { try { bool authenticated = await App.AuthenticationProvider.LoginAsync(); if (authenticated) { Application.Current.MainPage = new PapMobLandingPage(); } else { await DisplayAlert("Authentication", "Authentication", "OK"); } }

问题 When people create a local account with user name, email, password and etc., they can log in to the Azure AD B2C Portal via username@tenant.onmicrosoft.com. Then is it possible to let them log in to the portal via social identity provided by Facebook or other external services? I don't feel it's viable though. 回答1: No it is not. Azure Portal uses "regular" Azure AD as its identity provider. Thus it will not redirect the user to login with their identity provider. You can only login using

问题 When people create a local account with user name, email, password and etc., they can log in to the Azure AD B2C Portal via username@tenant.onmicrosoft.com. Then is it possible to let them log in to the portal via social identity provided by Facebook or other external services? I don't feel it's viable though. 回答1: No it is not. Azure Portal uses "regular" Azure AD as its identity provider. Thus it will not redirect the user to login with their identity provider. You can only login using