Question
I have Azure AD configured as an identity provider. I wanted to know if it is possible to have Azure AD pass along the email address of the user and pass that along as a claim in the token we obtain when users log in. If not, how can I achieve this? I am new to B2C.
Answer 1:
You can use Azure AD Custom claims to issue the "email" claim in the Azure AD Token that is returned to AAD B2C. This claim is only populated if the user has an Exchange Online inbox.
If you are using custom policies in Azure AD B2C, you can output the claim into the claimbag using:
<OutputClaim ClaimTypeReferenceId="aadEmail" PartnerClaimType="email" />
Where the ClaimTypeReferenceId is the claimbag claim that AAD B2C will store, and the PartnerClaimType is the name of the claim in the AAD Token you want to parse.
If the users do not have an EXO mailbox, then you could rely on the user's UserPrincipalName coming back from Azure AD. That is in the claim called unique_name. So you could map that in the AAD technical profile by adding the following:
<OutputClaim ClaimTypeReferenceId="upn" PartnerClaimType="unique_name" />
If you are using AAD B2C User Flows, map it as per step 11 of the doc:
- Email: unique_name
- or Email: email (if the users have EXO inboxes).
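The claim precedence described in this answer (use "email" when Azure AD issued it, otherwise fall back to the UPN in "unique_name"), shown as an added example that is not part of the original post or of Azure AD B2C itself. It decodes constructed, unsigned sample tokens offline; signature validation is assumed to have been done already, as B2C does against the Azure AD metadata, and the claim values and object IDs are made up.

```python
import base64
import json

# Precedence from the answer: "email" is only issued when the user has an
# Exchange Online mailbox; otherwise the UPN arrives in "unique_name".
CLAIM_PRECEDENCE = ("email", "unique_name")


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWT without verifying the signature
    (assumed to have been validated upstream, as B2C does)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_email_claim(payload: dict) -> tuple:
    """Pick the value to store as the B2C 'email'/'upn' claim.

    Returns (value, source_claim). A value taken from "unique_name" is a
    UPN, not a proven mailbox, so callers can tell the two cases apart."""
    for claim in CLAIM_PRECEDENCE:
        value = payload.get(claim)
        if isinstance(value, str) and value.strip():
            return value, claim
    raise KeyError("token carries neither 'email' nor 'unique_name'")


def _make_token(payload: dict) -> str:
    """Constructed, unsigned sample token (alg=none) for offline demo only."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(payload)}."


# Constructed samples: a user with an EXO mailbox and one without.
TOKEN_WITH_MAILBOX = _make_token({"oid": "00000000-0000-0000-0000-000000000001",
                                  "unique_name": "alice@contoso.example",
                                  "email": "alice@contoso.example"})
TOKEN_WITHOUT_MAILBOX = _make_token({"oid": "00000000-0000-0000-0000-000000000002",
                                     "unique_name": "bob@contoso.example"})

if __name__ == "__main__":
    for tok in (TOKEN_WITH_MAILBOX, TOKEN_WITHOUT_MAILBOX):
        print(resolve_email_claim(decode_jwt_payload(tok)))
```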
Source: https://stackoverflow.com/questions/62667559/obtain-email-address-from-sign-up-and-sign-in-v2-policy