通过Azure AD B2C将第三方IDP的访问令牌传递给应用程序 [英] Pass access token of a third party IDP to the application via Azure AD B2C

问题描述

我正在开发一个可以读取给定OneDrive帐户文件的应用程序.

I’m working on an application which can read files of a given OneDrive account.

我们使用Azure AD B2C作为身份提供者.用户也可以使用其Microsoft帐户登录到该应用程序.为此，我启用了Microsoft作为我的AAD B2C租户中的身份提供者.

We use Azure AD B2C as the identity provider. Also users can login to the application using their Microsoft account. For that I have enabled Microsoft as an Identity Provider in my AAD B2C tenant.

当给定用户使用其Microsoft帐户登录时，应用程序应该能够获取 access_token ，这使我们能够与MS Graph API进行通信，以获取文件详细信息.

When a given user is login using their Microsoft account, application should be able to get an access_token which enables us to communicate with MS Graph API, in order to fetch file details.

但是，根据本文，仅支持Facebook和Google.

However, according to this article, this is support only for Facebook and Google only.

Azure AD B2C当前仅支持传递OAuth 2.0身份提供商(包括Facebook和Google)的访问令牌.对于所有其他身份提供者，索赔将返回空白.

Azure AD B2C currently only supports passing the access token of OAuth 2.0 identity providers, which include Facebook and Google. For all other identity providers, the claim is returned blank.

有人建议在我的用例中完成这项工作吗?

Any suggestion to get this work in my use case?

推荐答案

您可能必须

You might have to create a custom policy that is enabled for sign-in with Microsoft.

然后，您可以通过通过访问令牌(使用

Then, you can pass through the access token from the Microsoft Account identity provider to the end-user application, using the {oauth2:access_token} claims resolver.

这篇关于通过Azure AD B2C将第三方IDP的访问令牌传递给应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！