azure-ad-b2c

Suggest OAuth flow (grant type) or approach for below requirement

╄→尐↘猪︶ㄣ submitted on 2019-12-13 03:47:35
Question: CompanyA is integrating with CompanyB where CompanyA's users will be buying devices of CompanyB. CompanyA wants to show user's device (CompanyB) details on their app by calling CompanyB's API on each user login. CompanyA user is authenticated on CompanyA IAM. CompanyA has to call register device when user tries to add a device first time. Help me to identify the flow which I can use to query particular logged-in user's device only. Do I need to create duplicate user account on CompanyB's IAM?

JavaScript OAuth2 flow for Azure AD v2 login does not give an access_token

可紊 submitted on 2019-12-13 03:44:25
Question: I'm using bell and hapijs and trying to get the office365 provider to work, but it seems like the https://login.microsoftonline.com/common/oauth2/v2.0/token endpoint isn't giving me the access_token required for getting profile information. This is the OAuth 2.0 flow I'm seeing: First it redirects to https://login.microsoftonline.com/common/oauth2/v2.0/authorize ?client_id=[client-id] &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%3A5430%2Fapi%2Fv1%2Flogin%2Fazure-ad &state=[state]

Azure AD B2C Microsoft Account redirect_uri failure

匆匆过客 submitted on 2019-12-13 03:23:52
Question: I'm unable to get Microsoft Account authentication to work on an AspNet Core 2.1 website (I have Google authentication working). When I click on the Microsoft Account button from the social sign in page, I eventually land on a "technical problems" error page. My web browser is Google Chrome, under Windows 10, latest updates. In an attempt to diagnose what's going on, I installed LinkResearchTools Link Redirect Trace to try and follow the redirects that ultimately landed me on that error page.

AD B2C Mobile Client - Login only once

偶尔善良 submitted on 2019-12-13 03:17:55
Question: We have requirements for a Mobile Application AD B2C client that the user should only need to log in once and the login session should never expire. Is this possible with AD B2C? Is it desired from a security perspective? My findings so far: I checked the configs and the maximum refresh token lifetime is 90 days. Which means if the App is not used for 90 days, the session ends. So my understanding is, it is not secure to keep a refresh token without expiry date. Otherwise the "Keep Me Signed In"

Custom Email verification in a single orchestration step in AD B2C Custom policies

隐身守侯 submitted on 2019-12-13 03:17:43
Question: I have a multi-step custom policy that first collects email from user and sends a verification code to the user when user clicks continue. The journey works fine. But the thing is validation of code is happening in next step. I need to bring that code validation into the first orchestration step. I'm following the below doc to implement this journey: "https://github.com/yoelhor/aadb2c-verification-code" My technical profile is like the following: <TechnicalProfile Id=

How to obtain the token returned from Azure AD B2C in ASP Core 2.0?

狂风中的少年 submitted on 2019-12-13 03:11:37
Question: I have used Visual Studio's latest New Project wizard to create an ASP Core 2.0 Web page (Razor Pages) that uses Individual Accounts as my authentication option. I have created an Azure AD B2C tenant and validated that it works properly. When I run the web application that was created by the wizard and click Log In in the upper right, it redirects to my Azure AD B2C site, and I can properly log in. After login, the callback URL goes to the endpoint configured in my user secrets: ...

How can I read the mobile value from a B2C user record and transform it to a strongAuthenticationPhoneNumber?

霸气de小男生 submitted on 2019-12-13 03:11:16
Question: I have the need to create Azure B2C user accounts programmatically. In a separate user data store I hold pertinent information about the users I need to set up in B2C including their mobile phone number, which we've already been communicating with them on. My business requirement is that this mobile phone number is used as a secondary factor during the user's first-time login/password reset experience. I have an initial login experience which uses an externally-created JWT token to take the

Azure AD B2C Tenant seems corrupted after using AAD Graph Client

假如想象 submitted on 2019-12-13 03:03:55
Question: A few days ago, before implementing user management with the Azure Active Directory Graph API (not Microsoft Graph) in our web app for Azure AD B2C users, I was able to log into the Azure Portal, find the Azure Active Directory B2C resource, click on it, and successfully authenticate into it in order to edit policies, view the list of users, etc. (Clicking the tenant in the screenshot used to work!) Now when I click on it, the screen flashes about 10 times, attempting to log my user into the

Azure AD B2C lefthand sidebar doesn't have “Company Branding” tab

核能气质少年 submitted on 2019-12-13 02:27:42
Question: I would like to change the Azure AD B2C default sign-in picture using the steps listed in this Stack Overflow answer. However, when I log into the Azure Portal and find my instance of Azure AD B2C, and click into it, I see the following lefthand sidebar, which doesn't include the "Users and Groups" tab under the "Manage" section, but only includes the "Users" tab (which, if clicking into it, doesn't have "Company Branding" tab inside). How can I find the "Company Branding" tab? Do I have to

Populate the email address text box in Azure AD B2C Orchestration

放肆的年华 submitted on 2019-12-12 21:09:24
Question: I am using custom policies to do some User Journeys and using SocialAndLocalAccountsWithMfa. In one of the steps I am asking the user for their email address. I am using "LocalAccountDiscoveryUsingEmailAddress" to get their email address on the first screen. And then depending on if they are registered for MFA they are sent to Mobile OTP screen or sent to the mail address OTP screen. Now what happens is that after they put their email address and press ok (and they are sent to the email OTP