Question
This is a (mostly) theoretical question from a new B2C user.
If all of the claims I send to the RP are available from an OIDC ClaimsProvider, I seem to be able to create a "pass through" custom policy that doesn't actually require an Azure AD user to exist - token is just created from claims.
Are there any ways in which this will break B2C processing? I haven’t found any during limited testing. Does it pose any long-term headaches for B2C support?
Answer 1:
Well, at the very least it is unexpected. And that means you will be on a path where you are mostly on your own.
AFAIK (which is certainly not everything) the benefits you get from B2C, self-service for example, you will not get without having a set of registered users in your B2C tenant. And with that, my question back would be: why not authenticate to that OIDC directly?
Source: https://stackoverflow.com/questions/65753773/could-an-azure-ad-b2c-custom-policy-theoretically-produce-a-token-from-social-id