是否可以使Azure AD B2C在对自定义声明REST API的调用中包含aud? [英] Is it possible to get Azure AD B2C to include the aud in calls to custom claims REST API?
问题描述
I setup my Azure AD B2C custom claims REST API as described at https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw and that works as described.
我想对多个应用程序使用相同的API,而不是为每个应用程序构建一个API端点(并且必须复制大多数XML配置).是否可以使Azure B2C在到达API时包含aud值,以便我提供适用于要求它们的应用程序的声明?最后是返回的令牌,因此我假设它是可访问的.
I'd like to use the same API for multiple applications rather than building one API endpoint for each app (and having to replicate most of the XML configuration). Is it possible to get Azure B2C to include the aud value when it hits the API so I can provide the claims that apply to the app asking for them? It is in the token that gets returned in the end so I'm assuming it is accessible.
我查看了TrustFrameworkBase中定义的声明类型,它们似乎都不匹配作为令牌一部分返回的aud值.
I looked at the claim types defined in the TrustFrameworkBase and none of them seem to match the aud value that is returned as part of the token.
我能够返回给定用户的自定义声明,但是我希望能够将其过滤到给定用户针对其身份验证的应用程序的自定义声明.
I'm able to return the custom claims for a given user, but I'd like to be able to filter that down to the custom claims for a given user for the application they are authenticating to.
我会以错误的方式处理吗?有没有更好的方法可以做到这一点?
Am I going about this the wrong way? Is there a better way to accomplish this?
推荐答案
您可以使用首先,声明一个 applicationId (或类似名称)声明类型:
Firstly, declare an applicationId (or similar) claim type:
<ClaimType Id="applicationId">
<DisplayName>Application Identifier</DisplayName>
<DataType>string</DataType>
</ClaimType>
然后在REST API技术资料中,使用{OIDC:ClientId}声明解析器引用此 applicationId 声明:
Then in the REST API technical profile, refer to this applicationId claim using the {OIDC:ClientId} claims resolver:
<InputClaim ClaimTypeReferenceId="applicationId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
这篇关于是否可以使Azure AD B2C在对自定义声明REST API的调用中包含aud?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
