azure-ad-b2c

How to pass and validate the signInEmail claim during External IDP login using Azure B2C custom policy?

[亡魂溺海] submitted on 2019-12-20 05:52:16
Question: This question is related to this one. What we'd like to do is: at the moment the user clicks the button like Facebook OR Microsoft account OR Corporate AD in the Sign in page, call a validation technical profile to validate the email address the user is using to sign in. I tried adding an OrchestrationStep like this: <OrchestrationStep Order="4" Type="ClaimsExchange"> <Preconditions> <Precondition Type="ClaimEquals" ExecuteActionsIf="false"> <Value>idp</Value> <Value>CorporateAD</Value>

How to get email address from Azure AD B2C authentication?

依然范特西╮ submitted on 2019-12-20 04:43:34
Question: I am trying to get Azure AD B2C to get the user's email address but I don't see anything in the token that provides it, even though my signin/signup policy makes a "claim" on the user's email address. How do I get the email address? More generally, is there any documentation other than the samples that explains how this service is intended to work? Answer 1: Under application claims, check Email Addresses. Here's some documentation about selecting claims/setup. Source: https://stackoverflow.com

How do I get the logged-in user's profile for Azure AD OAuth logins?

泄露秘密 submitted on 2019-12-20 04:22:39
Question: Following on from JavaScript OAuth2 flow for Azure AD v2 login does not give an access_token, I'm trying to figure out the best endpoint to use, to get the logged-in user's details (e.g., display name, email, etc.). However, I noticed there are 2 potential endpoints I can use: (1) https://outlook.office.com/api/v2.0/me (2) https://graph.microsoft.com/v1.0/me. 1 is used in bell for hapijs and is documented in Use the Outlook REST API. However, in bell, I can't seem to figure out the scope I need to get

Azure B2C - Add/Update Authentication Contact Info

旧城冷巷雨未停 submitted on 2019-12-20 02:58:08
Question: We are using Azure B2C with a Reset password policy using MFA. ADAL is used for authentication and Graph API to create / update a user. When a user invokes the Reset password policy (through a link on the app), he first needs to provide an email address where a verification code is sent. Then (because MFA is enabled), if the user has a phone number in his Authentication Contact Info, Azure can send a text message or call this number to perform a second authentication check. However, if the

Azure AD B2C OpenID Connect single logout with WS-Federation and SAML claims provider

。_饼干妹妹 submitted on 2019-12-20 01:59:13
Question: AD FS is configured with custom policies as a claims provider on Azure AD B2C using WS-Federation and SAML. The relying party on Azure AD B2C is using OpenID Connect. Is it possible to do front-channel single logout initiated through OpenID Connect? OpenID Connect Front-Channel Logout 1.0 - draft 02: http://openid.net/specs/openid-connect-frontchannel-1_0-ID1.html Single logout is initiated from the relying party using OpenID Connect and continued through Azure AD B2C using WS-Federation and

Does B2C Lock An Account After N Failed Attempts?

谁说胖子不能爱 submitted on 2019-12-19 19:52:37
Question: How does B2C handle this situation? I couldn't find anything on docs.microsoft.com Answer 1: Azure AD B2C does provide password lockout. The logic and duration is not a straightforward, "lock out X minutes with exponential cooldown after Y wrong password attempts." There's an intelligent and evolving algorithm that considers many other signals to disambiguate between bad actors and mistakes and other benign scenarios. Read more about it in the Azure AD B2C Threat Management documentation. Source: https:/

Get the Azure AD B2C Application client id in the custom policy

丶灬走出姿态 submitted on 2019-12-19 10:52:17
Question: Hi, the custom policy gets called with the client id of the B2C app: https://login.microsoftonline.com/TENANT/oauth2/v2.0/authorize?p=B2C_1A_POLICY&client_id=THE-CLIENT-ID-I-WANT How can I access this in the policy? I thought this would be hard-coded to the client_id claim, but I don't think it is. It's only returned as default as the aud claim, but again I don't see that in the custom policy. Thanks Answer 1: OK, it's a bit of a workaround, but I tried with a standard UserJourneyContextProvider technical

Azure AD B2C password expiration

折月煮酒 submitted on 2019-12-19 09:57:28
Question: We leverage Azure AD B2C in our solution with a "sign up or sign in" policy. On a regular basis (I have not counted the exact number of days), when I try to log in, I got: "invalid username or password". I have to reset my password to make it work. So I have two questions: Is there a default password expiration policy? One of the feature requests on Azure B2C Connect is to enable the definition of such custom expiration policy but I have not found in the documentation the fact that a default

When changing an Azure B2C email address, do I need to change the UPN as well?

限于喜欢 submitted on 2019-12-19 08:09:02
Question: In Azure B2C with the GraphAPI I can change the email address of an existing user with an HTTP PATCH command: https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/ "SignInNames": [ { "type": "emailAddress", "value": "demo@domain.com" } This works, and I can log in with the new email address. But this leaves the UPN at the old value. Do I need to set the UPN as well, or is there no harm in having the UPN stay at the old email address? Answer 1: Yes