azure-ad-b2c

问题 I am using Azure AD B2C custom policies to get claims from a third party and map it to the claims which are returned in the Azure AD B2C token. If the third party returns claims in the form of string, my User journey in the policy works fine. My problem is that the third party is returning the claims in the form of json. I couldn't find any relavant in the B2C policy's XML Schema that can handle this case. Is there any way to do this using Azure AD B2C Custom policies ? 回答1: Though I don't

问题 I followed this example https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi from the Azure AD B2C documentation page on the Microsoft site. Got it working fine but the problem is that the access token has a one hour lifetime and after that hour the user needs to re-login. I don't want to extend the access_token lifetime but would like to refresh the token before the access_token is expired. How can I achieve this? The source code can

问题 I am implementing Azure Active Directory B2C from this official tutorial. when I run my code it says 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable. The issue is with URL, it contain question mark (screenshot). In place of question mark there should me an ampersand (&), if I manually replace "?" with "&" it works fine. Here my startup class public partial class Startup { // App config settings

问题 I would like to implement multiple sign up/sign in policies in Azure AD B2C similar to this question but I don't know how to configure my solution in Visual Studio to reference the different signup policies specified in the web.config file. Can anyone help please? 回答1: You can invoke a different policy for a different type of user by passing the requested policy from a controller method to the authentication middleware: public IActionResult LogInForIndividualCustomer() { return LogInFor

问题 For one of my dashboards, I want to show all the users and their (security) groups. I can call the Graph API just fine ( myorganization/users and myorganization/groups ) and query it with the OData query filters, but the problem lies in the expanding. When I use GET /myorganisation/users&expand=memberOf I get an internal server error. (tried both the 1.0, 1.6 and beta API version) When I use GET /myorganization/groups&expand=members I get a proper response, but the expanded member's list has

问题 I am setting up GitHub as a custom provider in Azure AD B2C using custom policies. I am able to get to the login page and successfully redirect back to the correct azure ad link, but a server error in Azure AD B2C always rejects the second part of OAUTH. When I look at the app insights trace logs, it says "An invalid OAuth response was received" and "Unexpected character encountered while parsing value: a" is encountered. Here is the policy provider I set up: <ClaimsProvider> <Domain>github

问题 Following the guide here: Web sign-in with OpenID Connect -> Get A Token. I'm trying to make a post request to access a token, HTTP POST: url: https://login.microsoftonline.com/[az-directory].onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_SiUpIn Post Body: client_id: [client_id for Azure Function App] grant_type: authorization_code scope: https://[url-to-azure-app-api-endpoint] openid offline_access code: [code retrieved from login url] redirect_uri: http://[redirect-uri-used-in-login] client

问题 I have a asp.net web api application with some controllers and a signalR hub. JWT tokens validation with Azure AD B2C is configured like this: services.AddAuthentication(AzureADB2CDefaults.JwtBearerAuthenticationScheme) .AddAzureADB2CBearer(options => _configuration.Bind("AzureAdB2C", options)) This works fine with controllers, and I don't have to worry about the intricacies of Azure AD B2C token validation. Now, for the signalR hub to support Web Sockets or Server-sent events, the

问题 I came across this issue in my app, that azure is letting user register themselves from email and social media (using registered email) both. Thus there are two users with same email Id. Can you guys help me out in this one? Thank you. 回答1: As of now in basic policies, it is not possible. But in advanced policies (IEF) you can make a trick by calling an API to check user email existence using Graph APIs and return success or exception. There is an account linking feature which is in the

问题 I am integrating an "edit profile" policy into a mobile app. The starting scenario is that the user is already signed in, either with a local (email) account or a social account. Whenever I invoke the "edit profile" policy from the app, it first displays an IdP selection page. Since the user is already signed in, this is extremely confusing for the user, and unnecessary. Furthermore, if the user is signed in with a local account, she is forced to enter her credentials again. How can I