How to get login_hint working with social IDP using custom policy

Question

We are using a custom SignIn/SignUp policy and have configured Facebook, LinkedIn, Twitter and Google+ as social IDPs.

We have built a custom page where we ask the user for their email and then redirect them to the particular IDP page (we have logic built around this) using domain_hint, for example: domain_hint=facebook.com.

I want to pass the email address entered by the user in the first step in login_hint along with domain_hint so that the user doesn't have to enter the email once again when redirected to the IDP Page (Facebook.com).

I took the code from the AD B2C documentation for IDPs and added it as below to the claims providers for Facebook, LinkedIn, Twitter etc., but it is not working:

<InputClaims>
    <InputClaim ClaimTypeReferenceId="logonIdentifier" PartnerClaimType="login_hint" DefaultValue="{OIDC:LoginHint}" />
</InputClaims>
<OutputClaims>
    <OutputClaim ClaimTypeReferenceId="logonIdentifier" Required="true" />
</OutputClaims>

Is there a way/option to achieve this?

Recommended answer

For the above identity providers, Google is the only one that supports a login hint, so if you add the domain_hint and login_hint parameters to the Azure AD B2C request:

https://login.microsoftonline.com/te/<tenant>/<policy>/oauth2/v2.0/authorize?...&domain_hint=google.com&login_hint=someone@somewhere.com

then you can pass the "login_hint" parameter through from Azure AD B2C to the Google endpoint as follows:

1) Create a "loginHint" claim type:

<ClaimType Id="loginHint">
  <DisplayName>Login Hint</DisplayName>
  <DataType>string</DataType>
</ClaimType>

2) Add the "loginHint" input claim to the Google technical profile:

<ClaimsProvider>
  <Domain>google.com</Domain>
  <DisplayName>Google Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="GoogleAccount-OAuth2">
      <DisplayName>Google Account</DisplayName>
      <Protocol Name="OAuth2" />
      ...
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="loginHint" PartnerClaimType="login_hint" DefaultValue="{OIDC:LoginHint}" />
      </InputClaims>
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
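
The request from the answer above, built by the custom page with every value encoded and login_hint sent only to an IdP that honors it. This is an added example, not part of the original answer; buildAuthorizeUrl, the tenant, policy, client_id, redirect_uri and state values, and the parameters other than domain_hint and login_hint are assumptions.

```javascript
// Added example, not from the original answer.
// Assumption: parameters other than domain_hint/login_hint are standard
// OAuth2/OIDC ones; all concrete values passed in are placeholders.

// Per the answer above, of the configured IdPs only Google honors a login hint.
const LOGIN_HINT_IDPS = new Set(["google.com"]);

// Conservative shape check on the user-typed address: one "@", a dot in the
// domain part, no whitespace or control characters, bounded length.
function isPlausibleEmail(value) {
  return typeof value === "string" &&
    value.length <= 254 &&
    /^[^\s@\u0000-\u001f]+@[^\s@\u0000-\u001f]+\.[^\s@\u0000-\u001f]+$/.test(value);
}

function buildAuthorizeUrl({ tenant, policy, clientId, redirectUri, state, domainHint, email }) {
  // Path layout follows the URL shown in the answer.
  const url = new URL(
    "https://login.microsoftonline.com/te/" +
    `${encodeURIComponent(tenant)}/${encodeURIComponent(policy)}/oauth2/v2.0/authorize`
  );
  // URLSearchParams percent-encodes each value, so an "&" or "=" typed into
  // the email field cannot add or override a query parameter.
  const q = url.searchParams;
  q.set("client_id", clientId);
  q.set("redirect_uri", redirectUri);
  q.set("response_type", "code");
  q.set("scope", "openid");
  q.set("state", state);
  q.set("domain_hint", domainHint);
  // Forward the address only to an IdP that uses it, and only if it looks like an email.
  if (LOGIN_HINT_IDPS.has(domainHint) && isPlausibleEmail(email)) {
    q.set("login_hint", email);
  }
  return url.toString();
}
```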
