How to hook into AuthorizationCodeReceived when using AddAzureADB2C?


Problem description

I've created a simple Blazor server application linking to an Azure B2C directory for authorization. Everything works but I need to add additional role claims to the token. Research has pointed me to this SO post which refers to adding the claims during the AuthorizationCodeReceived notification (Example here).

I understand what I need to do, but the example is using OpenIdConnectAuthentication (from Microsoft.Owin.Security.OpenIdConnect) instead of Blazor server's Microsoft.AspNetCore.Authentication.AzureADB2C.UI.

How can I still access and amend the claims in the token once it's received? Is such a thing supported in Microsoft.AspNetCore.Authentication.AzureADB2C.UI or should I be switching to OpenId?

Below is the boilerplate included in a basic Blazor server application, but the AzureADB2COptions are all just string config values.

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
            .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

        services.AddRazorPages();
        services.AddServerSideBlazor().AddCircuitOptions(o =>
        {
            if (_environment.IsDevelopment()) //only add details when debugging
            {
                o.DetailedErrors = true;
            }
        });

        // remaining service configuration
    }

Recommended answer

You can try to override the specific schema after AddAzureADB2C, then register your events like:

    services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
    {
        options.ResponseType = "code";
        options.Events = new OpenIdConnectEvents
        {
            OnAuthorizationCodeReceived = async ctx =>
            {
                // ...
            },
        };
    });

Use options.ResponseType = "code" to triage the access token exchange, otherwise OnAuthorizationCodeReceived won't fire. You can follow the code sample from here; that code sample doesn't directly use the library, but has the same logic as Microsoft.AspNetCore.Authentication.AzureADB2C.UI.
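One way to attach role claims with the same `services.Configure<OpenIdConnectOptions>` hook, as an added example that is not code from the question, the answer or the library. It uses `OnTokenValidated`, which fires once the handler has validated the ID token, and chains onto the existing handler instead of replacing `options.Events`. `IUserRoleStore` and `AddRoleClaims` are hypothetical names for an application-owned, server-side role lookup.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application-owned role lookup; not part of any Microsoft library.
public interface IUserRoleStore
{
    Task<IReadOnlyCollection<string>> GetRolesAsync(string subject);
}

public static class RoleClaimsSetup
{
    // Call after AddAzureADB2C(...) so this delegate runs after the library's own configuration.
    public static IServiceCollection AddRoleClaims(this IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
        {
            // Keep whatever handler is already registered on the scheme and chain onto it.
            var previous = options.Events.OnTokenValidated;
            options.Events.OnTokenValidated = async ctx =>
            {
                await previous(ctx);
                if (ctx.Result != null) return; // an earlier handler already decided the outcome

                // The principal here was built from the validated ID token.
                var identity = ctx.Principal?.Identity as ClaimsIdentity;
                var subject = ctx.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value
                              ?? ctx.Principal?.FindFirst("sub")?.Value;
                if (identity == null || string.IsNullOrEmpty(subject))
                {
                    ctx.Fail("Validated token carries no subject identifier.");
                    return;
                }

                // Roles come from the server-side store, keyed by the validated subject,
                // never from a value the browser can set.
                var store = ctx.HttpContext.RequestServices.GetRequiredService<IUserRoleStore>();
                foreach (var role in await store.GetRolesAsync(subject))
                    identity.AddClaim(new Claim(identity.RoleClaimType, role));
            };
        });
        return services;
    }
}
```

The added claims live on the signed-in principal that the application builds, not inside the token issued by B2C, so they should only be trusted within this application.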
