azure-ad-b2c

No access token returned for AD B2C user when requesting Microsoft Graph delegated permissions

别来无恙 submitted on 2021-02-04 08:14:25
Question: User Story: Given an ADB2C User, with Global Administrator role and an oid of 01234567-901a-bcde-f012-3456789abcde (not a real oid), I want to be able to log in as that user and retrieve the user profile from "https://graph.microsoft.com/beta/me" or "https://graph.microsoft.com/beta/users/01234567-901a-bcde-f012-3456789abcde". Both are listed in the documentation as valid endpoints for B2C. It's not working: In an app registration with only Microsoft Graph permission scopes assigned, I used

Azure AD B2C “setting.retryLimit” not working

限于喜欢 submitted on 2021-01-29 14:02:03
Question: I've changed the setting in "LocalAccountDiscoveryUsingEmailAddress" for the password reset flow by adding: <Item Key="setting.retryLimit">5</Item> in the Metadata section. However, it doesn't seem to work - the limit is still the default of 3 when I try and send invalid codes. Does this setting apply in this scenario? Answer 1: setting.retryLimit defines the maximum number of times that the validation technical profiles for a self-asserted technical profile can fail. I believe the verification

AAD B2C adding / mapping claims from external / delegate Identity Provider?

感情迁移 submitted on 2021-01-29 11:18:03
Question: Using AAD B2C, I'd like to enable end-users to log in using their Microsoft-Live or Google identity providers (delegate the authentication). However, I have a set of custom claims in AAD B2C for my users (some roles, for example). So, once the user authenticates into Google, I need to add or "map, merge" the claim set with this user's custom claims in AAD B2C and return the consolidated claim-set to my application. My question: where can I add or map these claims in the claimset returned by

Could an Azure AD B2C custom policy theoretically produce a token from social IDP claims even without an Azure AD user?

别说谁变了你拦得住时间么 submitted on 2021-01-29 09:35:11
Question: This is a (mostly) theoretical question from a new B2C user. If all of the claims I send to the RP are available from an OIDC ClaimsProvider, I seem to be able to create a "pass through" custom policy that doesn't actually require an Azure AD user to exist - the token is just created from claims. Are there any ways in which this will break B2C processing? I haven't found any during limited testing. Does it pose any long-term headaches for B2C support? Answer 1: Well, at the very least it is unexpected.

Obtain email address from Sign up and sign in v2 Policy?

*爱你&永不变心* submitted on 2021-01-29 08:54:20
Question: I have Azure AD configured as an identity provider. I wanted to know if it is possible to have Azure AD pass along the email address of the user as a claim in the token we obtain when users log in. If not, how can I achieve this? I am new to B2C. Answer 1: You can use Azure AD Custom claims to issue the "email" claim in the Azure AD Token that is returned to AAD B2C. This claim is only populated if the user has an Exchange Online inbox. If you are using custom policies in Azure

B2C redirect after user journey is completed

北慕城南 submitted on 2021-01-29 06:45:44
Question: I'm using custom policies in my B2C tenant and found out that the "Forgot password?" link redirects to an error page ( AADB2C90118 ). After researching on the Internet I found a custom policy which allows me to embed the password reset inside the sign-up or sign-in policy. This works like a charm, validating the email and changing the password as expected. The issue I have is that I want to redirect the user to the sign-in page after the password reset is completed successfully. My goal would

Why doesn't AcquireTokenByAuthorizationCode return RefreshToken

僤鯓⒐⒋嵵緔 submitted on 2021-01-29 06:39:29
Question: In this documentation it gives a complete flow for a web application that calls a web API: The web application executes a policy and the user completes the user experience. Azure AD B2C returns an (OpenID Connect) id_token and an authorization code to the browser. The browser posts the id_token and authorization code to the redirect URI. The web server validates the id_token and sets a session cookie. The web server asks Azure AD B2C for an access_token by providing it with the authorization

Calling REST API from Custom Policy

独自空忆成欢 submitted on 2021-01-29 05:09:43
Question: I'm having problems calling a REST API from a custom policy. I need the data sent into the REST API like the following { "correlationId": "123456", "message": { "email": "test@somedomain.com" } } I have the following Claims Transformation <ClaimsTransformation Id="GenerateGetAadRequestBody" TransformationMethod="GenerateJson"> <InputClaims> <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="message.emailAddress" /> <InputClaim ClaimTypeReferenceId="correlationId"

The application cannot access the iOS keychain in Xamarin.Forms but works in Android

自闭症网瘾萝莉.ら submitted on 2021-01-28 21:56:59
Question: Hello, I am learning to use MSAL but met a weird issue. I totally followed the tutorial, and I am using the sample code. But I still got this exception building the client in App.xaml.cs : microsoft.identity.client.msalclientexception: the application cannot access the ios keychain for the application publisher (the team id is null). this is needed to enable single sign on between applications of the same publisher. this is an ios configuration issue. see https://aka.ms/msal-net-enable-keychain