在自定义策略中获取Azure AD B2C应用程序客户端ID [英] Get the Azure AD B2C Application client id in the custom policy

问题描述

您好，自定义策略被B2C应用的客户端ID调用

Hi the custom policy gets called with the client id of the B2C app

https://login.microsoftonline.com/TENANT/oauth2/v2.0/authorize?p=B2C_1A_POLICY&client_id=THE-CLIENT-ID-I-WANT

我如何在策略中访问此密码，我认为这将被硬编码到client_id声明中，但我认为不是

How can I access this in the policy, i thought this would be hard coded to the client_id claim but I dont think it is

它仅作为默认值作为aud声明返回，但同样，我在自定义策略中看不到它

Its only returned as default as the aud claim but again I dont see that in the custom policy

谢谢

推荐答案

好了一些，但是我尝试使用标准的UserJourneyContextProvider技术配置文件，但这没用

Ok its a bit of a work around but I tried with a standard UserJourneyContextProvider technical profile and this didnt work

所以要获取客户ID作为声明，我做了以下

so to get the client id as a claim I did the following

创建业务流程步骤

<OrchestrationStep Order="2" Type="ClaimsExchange">
  <ClaimsExchanges>
   <ClaimsExchange 
       Id="ClientIdFromOIDC-JC" 
       TechnicalProfileReferenceId="Get-ClientID-FromOIDC"/>
   </ClaimsExchanges>
  </OrchestrationStep>     

然后创建一个RESTFUL技术概要文件，该概要文件将调用功能应用程序，并通过{OIDC:ClientID}传递OIDC

Then create a RESTFUL technical profile which will call a Function App passing the OIDC with the {OIDC:ClientID}

<TechnicalProfile Id="Get-ClientID-FromOIDC">
    <DisplayName>Get-ClientID-FromOIDC</DisplayName>
    <Protocol Name="Proprietary" 
    Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, 
    Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
     <Item Key="AuthenticationType">None</Item>
     <Item Key="ServiceUrl">--FUNCTION APP URL--</Item>
     <Item Key="SendClaimsIn">QueryString</Item>
    </Metadata>
    <InputClaims>
      <InputClaim 
        ClaimTypeReferenceId="client_id" 
        PartnerClaimType="client_id"  
        DefaultValue="{OIDC:ClientId}" />
     </InputClaims>
     <OutputClaims>
       <OutputClaim ClaimTypeReferenceId="client_id" />
      </OutputClaims>
  </TechnicalProfile>

然后最后创建一个功能应用程序，该应用程序从查询字符串中接受客户端ID，并以正确的格式返回该ID以供B2C识别

And then finally create a function app which accepts the client id from the querystring and returns it with the correct format for B2C to identify

使用System.Net； 使用System.Net.Http.Formatting;

using System.Net; using System.Net.Http.Formatting;

  public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, 
  TraceWriter log)
  {
       log.Info("C# HTTP trigger function processed a request.");
      // parse query parameter
      string client_id = req.GetQueryNameValuePairs()
        .FirstOrDefault(q => string.Compare(q.Key, "client_id", true) == 0)
        .Value;

      return req.CreateResponse<ResponseContent>(
      HttpStatusCode.OK, new ResponseContent
      {
          version = "1.0.0",
          status = (int) HttpStatusCode.OK,
          client_id = client_id
      },
      new JsonMediaTypeFormatter(), "application/json");

   }

   class ResponseContent {
     public string version;
     public int status;
     public string client_id;
 }

您现在将在索赔袋中获得B2C应用程序client_id作为索赔，以便现在就可以使用它来做自己想做的事情

You will now get the B2C application client_id as a claim in the claim bag so you can do what you want with it now

这篇关于在自定义策略中获取Azure AD B2C应用程序客户端ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！