我如何在重定向到AZURE AD B2C的电子邮件中包含电子邮件 [英] How do i include email in the redirect to AZURE AD B2C

问题描述

我已经建立了一个Azure B2C租户，并使用自定义策略将azure广告添加为IDP，以便用户可以使用其域帐户进行注册.我可以建立一个自定义页面，向他们询问他们的电子邮件，然后将其重定向到适当的策略(一个用于工作域帐户，另一个用于个人电子邮件)，这样他们就不必在工作和个人电子邮件之间做出选择.问题是我不想让用户再次输入电子邮件.有没有办法做到这一点?我基本上想实现与Azure AD通用端点对所有帐户所做的相似的事情.

I have set up an Azure B2C tenant and used custom policies to add azure ad as an IDP so that users can sign up with their domain accounts. I can build a custom page where ask them for their email and then redirect them to the proper policy(one for work domain accounts and another for personal emails), so that they do not have to make the choice between work and personal emails. The problem is that I do not want to make the user enter the email once again. Is there a way/option to do this? I basically want to achieve something similar to what the common endpoint of Azure AD does for all accounts.

推荐答案

对于自定义策略，如果将"login_hint"查询字符串参数添加到OpenID Connect身份验证请求中，则可以将登录字段默认为该登录提示通过将"SelfAsserted-LocalAccountSignin-Email"技术配置文件的"DefaultValue"属性添加到"signInName"输入声明中，如下所示:

For a custom policy, if you add the "login_hint" query string parameter to the OpenID Connect authentication request, then you can default the login field to this login hint by adding the "DefaultValue" attribute to the "signInName" input claim for the "SelfAsserted-LocalAccountSignin-Email" technical profile as follows:

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <DisplayName>Local Account Signin</DisplayName>
  ...
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" DefaultValue="{OIDC:LoginHint}" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    ...
  </OutputClaims>
  ...
</TechnicalProfile>

"DefaultValue"属性引用声明解析器，该声明器将"signInName"声明类型设置为OpenID Connect身份验证请求的"login_hint"参数.

The "DefaultValue" attribute references a claims resolver that sets the "signInName" claim type to the "login_hint" parameter of the OpenID Connect authentication request.

请参见 设置直接登录-使用Azure Active Directory B2C 文章获取有关传递"login_hint"查询字符串参数的更多信息.

See the Set up direct sign-in using Azure Active Directory B2C article for more information about passing the "login_hint" query string parameter.

这篇关于我如何在重定向到AZURE AD B2C的电子邮件中包含电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！