Azure Active Directory B2C - User flows (policies) for signin/signup and password reset


Question

I want to integrate Multi Factor Authentication (MFA) through Azure Active Directory (AD) B2C in my website built in PHP, only for authentication purposes.

I checked its documentation and some code samples, and I have created the following things from its tutorial, which is mentioned here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant

  • Azure AD B2C tenant
  • Registered a web application (Reply URL https://jwt.ms)
  • Created a sign-up and sign-in user flow / password reset user flow

I tested the sign-up/sign-in user flow and the password reset user flow by the URL provided from the Azure Portal under the heading Run user flow end point ►, and it's working perfectly as expected, and on successful response I got a JWT token, which contains information like this:

But I am not sure whether what I have planned is correct according to the standard.

My planning is like this - I will give an option in the user profile section to enable/disable MFA. So if a user enables MFA, then on the next login, after successful authentication (through email and password stored in the database), the user will be redirected to an MFA page. On the MFA page there are 2 buttons, Sign up/Sign in and Forgot Password:

  • Sign up/Sign in - this button has a link created by the "Sign up and Sign in" user flow at Azure AD B2C - User flows (policies).

  • Forgot Password - this button has a link created by the "Password reset" user flow at Azure AD B2C - User flows (policies). I need to add this because the Forgot Password link in Sign up/Sign in is not working as intended: it redirects to the Reply URL with some information and a message like this: AADB2C90118: The user has forgotten their password

In both user flows I enabled MFA. So on successful MFA, I will redirect the user to the dashboard in my website; otherwise the user will remain on the MFA page.

  1. I explained my planning; please suggest whether I am doing something wrong in the Sign up/Sign in or Forgot Password flow, or if I can make it better.

  2. To decode the JWT token in PHP, I am breaking it on . and using base64_decode() to extract the data. Is it good to decode it manually? Also please let me know how I can validate it.

Any help or suggestions will be helpful for me.

Thanks in advance

Answer

1. I explained my planning, please suggest me, if am I doing something wrong in Sign up/Sign in or Forgot Password flow? Or if I can make it better

Seems you are on the right way, but if you want you could add some custom set of rules on your password to make it more secure and reliable. B2C provides many rules there. You can find all password enforcement rules here.

2. For decode JWT token in PHP, I am breaking it on . and using base64_decode() to extract data, Is it good to decode it manually? Also please let me know how can I validate it?

Breaking the JWT token using base64 is alright. You can check it manually, but it's good practice to handle it in the program. There are many threads already solved regarding token validation, so I am referring to some of those which you can easily implement. Check here how you would validate a JWT token; also check this.

Note: For manual decoding you could validate at https://jwt.io/; there you can get many algorithms together.

Having a look at your case, I also suggest you take a look at the B2C self-service password reset option, which is also popular among developers so far as I know. You can try it out; as a result it will reduce many of your overheads and let you handle the scenario without taking more hassle.

Note: Please have a look at the referred document for token validation; you would get some good idea of how you can validate your token.
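The asker's second question (splitting the token on "." and using base64_decode(), then validating it) comes down to the checks below: base64url decoding, pinning the algorithm, verifying the RS256 signature against the user flow's signing key, and checking the issuer, audience, user-flow (tfp) and time claims. This is an added example, not code from the question, the answer or Microsoft; it is written in Python with only the standard library so it runs without a JWT package, and the tenant, key and claim values used with it are constructed placeholders.

```python
# Added example (not from the question or answer): validate an Azure AD B2C id_token.
import base64, hashlib, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url without padding: a plain base64 decoder misreads '-' and '_'.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def rsa_pkcs1_v15_sha256_verify(n: int, e: int, sig: bytes, signed: bytes) -> bool:
    # RS256 = RSASSA-PKCS1-v1_5 over SHA-256: recover EM = sig^e mod n and compare it
    # with the expected 00 01 FF..FF 00 DigestInfo||hash encoding.
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    t = SHA256_DIGESTINFO + hashlib.sha256(signed).digest()
    return em == b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_b2c_token(token, jwks, issuer, audience, policy, now=None):
    """Return the claims of a token that passed every check, else raise ValueError.
    jwks is the parsed JSON of the user flow's JWKS document (its jwks_uri)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWS compact token has exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    # Pin the algorithm instead of trusting 'alg' from the token (this also blocks 'none').
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    keys = [k for k in jwks["keys"] if k.get("kid") == header.get("kid")]
    if not keys:
        raise ValueError("no JWKS key matches kid %r" % header.get("kid"))
    n = int.from_bytes(b64url_decode(keys[0]["n"]), "big")
    e = int.from_bytes(b64url_decode(keys[0]["e"]), "big")
    signed = (parts[0] + "." + parts[1]).encode("ascii")
    if not rsa_pkcs1_v15_sha256_verify(n, e, b64url_decode(parts[2]), signed):
        raise ValueError("signature does not verify")
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if claims.get("tfp") != policy:  # B2C names the issuing user flow in 'tfp'
        raise ValueError("token came from a different user flow")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token is expired or not yet valid")
    return claims
```

Only after all of these checks pass should the site read claims such as the user's emails or object id and start its own session; a token from the password-reset flow must not be accepted where a sign-in token is expected, which is what the tfp check enforces.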
