b2clogin.com用回调网址中的租户名称替换域名 [英] b2clogin.com replacing domain name with tenant name in callback url

问题描述

我有一个带有自定义域名的Azure AD B2C域。

假设域名是company.com，广告租户名称是company.onmicrosoft.com 。

如果我发送授权请求，例如https：//company.b2clogin.com/company.onmicrosoft.com/b2c_1_signinup/oauth2/v2.0/authorize?client_id = XXXXXXXXXXXXXXXXXXXXXXX& ; response_type = id_token& redirect_uri = https％3a％2f％2fwww.company.com％2flogin％2fcallback& scope = openid& nonce = 1549468309& p = B2C_1_SignInUp& response_mode = fragment

It按预期工作和重定向。 

但是，如果我通过建议的网址发送请求

https：//company.b2clogin的.com / company.com / b2c_1_signinup /的oauth2 / 2.0 /授权的client_id = XXXXXXXXXXXXXXXXXXXXXXX&安培; RESPONSE_TYPE = id_token&安培; REDIRECT_URI = HTTPS％3A％2F％2fwww.company.com％2flogin％2fcallback&安培;范围=的OpenID&安培;随机数= 1549468309&安培; p = B2C_1_SignInUp& response_mode = fragment

我收到错误回复t表示https://www.company.onmicrosoft.com/login/callback不是有效的注册回调网址。

请注意，Azure AD替换了"company.com"。与"company.onmicrosoft.com"相关联在我发送的回调网址中。 

我不想拥有"company.onmicrosoft.com"。在登录URL路径中。 

我的AD B2C实例配置不正确，或者这是Azure AD B2C中的错误？

解决方案

目前不支持用于身份验证和令牌的自定义域名。  ;

如果您希望更改此功能，可以通过用户语音提交功能请求。  https://feedback.azure.com/forums/169401-azure-active-directory/建议/ 15334317-customer-owned-domains

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup- MSA-应用

I have an Azure AD B2C domain with a custom domain name.

Let's say the domain name is company.com and the ad tenant name is company.onmicrosoft.com.

If I send an authorize request such as https://company.b2clogin.com/company.onmicrosoft.com/b2c_1_signinup/oauth2/v2.0/authorize?client_id=XXXXXXXXXXXXXXXXXXXXXXX&response_type=id_token&redirect_uri=https%3a%2f%2fwww.company.com%2flogin%2fcallback&scope=openid&nonce=1549468309&p=B2C_1_SignInUp&response_mode=fragment

It works and redirects as expected. 

However, if I send a request at the suggested url to 

https://company.b2clogin.com/company.com/b2c_1_signinup/oauth2/v2.0/authorize?client_id=XXXXXXXXXXXXXXXXXXXXXXX&response_type=id_token&redirect_uri=https%3a%2f%2fwww.company.com%2flogin%2fcallback&scope=openid&nonce=1549468309&p=B2C_1_SignInUp&response_mode=fragment

I get an error response back that says https://www.company.onmicrosoft.com/login/callback is not a valid registered callback url.

Notice that Azure AD replaces "company.com" with "company.onmicrosoft.com" in the callback url that I sent. 

I would prefer not to have "company.onmicrosoft.com" in the login url path. 

Is my AD B2C instance not configured correctly or is this a bug in Azure AD B2C?

解决方案

Custom owned domains for authentication and tokens is not currently supported. 

If you want this to change you can upvote the feature request in user voice. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15334317-customer-owned-domains

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-msa-app

这篇关于b2clogin.com用回调网址中的租户名称替换域名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！