azure-ad-b2c

Azure AD B2C - sign up/in using email OR mobile

二次信任 submitted on 2019-12-11 14:26:09
Question: I'm using Azure AD B2C and we've been presented with a preference/requirement from our product team to allow users to sign up/in using either an email address OR a mobile phone number as the user id. Currently the built-in flows only allow email or username as the user id. There's strong evidence to suggest that we could create a custom policy to allow for mobile phone number, but what I need is the ability to sign up/in using either email address OR mobile phone number. It seems like I'm not

Azure AD B2C integration with Azure AD enable to select profiles

强颜欢笑 submitted on 2019-12-11 09:48:22
Question: I have Azure AD B2C where two identity providers Google and Azure AD. Also I have custom policy to login made by this manual. When I click on Google login button in my app, there is a choice of accounts, or I can select to login in new account. But when I select Azure AD provider, then I silently login into my app without any prompt. (The only way to change account is to clear cache of Chrome on my mobile device) Is it possible to make in custom policy for login in Azure AD enable 'Login as

How to read Azure B2C Custom Attributes with Graph API (works OK with Azure AD Graph)

被刻印的时光 ゝ submitted on 2019-12-11 07:28:28
Question: As of today the documentation recommends to use Microsoft Graph instead of Azure AD Graph API to access Azure AD / B2C resources. Before, with Azure AD Graph API, we could use queries like https://graph.windows.net/[tenant]/users/1a2a9c4d-fc59-4fd9-ad14-b72b549cdf6a?api-version=2013-11-08 and the response included Azure B2C custom attributes (created on Azure portal) { "odata.metadata": "https://graph.windows.net/<tenant>/$metadata#directoryObjects/Microsoft.DirectoryServices.User", "value":

Require Input Claims From JWT From RelyingParty in Azure AD B2C

本小妞迷上赌 submitted on 2019-12-11 07:14:17
Question: I'm sending hidden claims to B2C via a JWT following the WingTip Games demo code. How do I require claim(s) to be sent by the relying party? And if they are not sent, prevent the sign-up process? And provide my own error message to the user? These fields will be hidden from the user. I tried adding required in my leaf policy in the RelyingParty node but it let me through. I tried adding required to my TechnicalProfile node but it let me through. <InputClaims> <InputClaim ClaimTypeReferenceId=

Reply address '' specified by the request is not a valid URL

荒凉一梦 submitted on 2019-12-11 07:00:00
Question: I have followed the Azure Active Directory B2C: Sign in by using Azure AD accounts article but currently receiving an error: AADSTS50011: Reply address '' specified by the request is not a valid URL. When logging in with both Azure AD and Azure AD B2C accounts. I have followed the article through multiple times but have been unable to resolve. It seems to redirect to the App registration correctly but seems to be an issue with the reply URL of the app registration as if I remove this reply

Cannot renew access token from B2C, error AADB2C90077

為{幸葍}努か submitted on 2019-12-11 06:58:31
Question: I am experiencing an issue trying to obtain a new access token from my AD B2C. From my SPA I use the MSAL.js library (v0.1.3) to authenticate to my AD B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I use the following link to get a new access token: https://login.microsoftonline.com/te/myApp.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2FmyApp.onmicrosoft.com%2Fapi%2Faccount.read%20openid%20profile

Claim augmentation with Azure AD authentication

早过忘川 submitted on 2019-12-11 06:50:45
Question: "I have an application where I have users authenticated with multiple directories all federated using an ADFS. There is a central ADFS that does the federated and routing to the correct IDP. Most IDP are ADFS that add claims to the SAML token by using the normal ADFS rules. We now have some customers that want to use Azure AD as IDP, but this seems not to allow to add claims like ADFS. What would be the way to add custom claims to a saml token using Azure AD?" Answer 1: You can do this by adding

Revocation endpoint in Azure AD B2C

若如初见. submitted on 2019-12-11 06:45:25
Question: Is there a way to revoke a specific refresh token in Azure AD B2C? It's for the user's management of third app and data access delegation. I only find this method: Revoke-AzureADUserAllRefreshToken. I don't know if it will work with Azure AD B2C and it clearly doesn't fit with third app management and opt-out. Answer 1: Outdated, see update below. There is no way today to revoke tokens in Azure AD B2C. You can request this via the Azure AD B2C feedback forum. The Revoke-AzureADUserAllRefreshToken

Azure AD B2C Page UI Customization without Signup

这一生的挚爱 submitted on 2019-12-11 06:28:27
Question: My web app doesn't need signup feature. So I am only looking for signin. So I didn't setup anything under signup or sign policies. I am trying to add custom login page to signin policy in Azure AD B2C. I selected Local Account SignIn as Identity provider. But the option Page UI Customization is not enabled and a lock symbol is shown. There is no validation message or information or tooltip explaining what should I do to unlock this feature. But this feature is enabled under signup or sign

MS Azure AD B2C as SAML IDP not working

ぃ、小莉子 submitted on 2019-12-11 06:12:33
Question: Background: I have an application in which users signup/sign through AD B2C. In the application, there is a link which will redirect to another application which works on SAML so want MS Azure to work as IDP and sends SAML to the third application. We achieved this in AAD (not AD B2C) through the non-gallery application but getting problems in AD B2C. We followed this document https://github.com/Azure-Samples/active-directory-b2c-advanced-policies/blob/master/Walkthroughs/RP-SAML.md but when