注册后如何为Azure AD B2C用户设置信息? [英] How to set information to Azure AD B2C users after registration?
问题描述
在我的应用程序中,我有以下情形:
In my application I have the following scenario:
用户首先使用SignUp-SignIn用户流在应用程序中注册,因此此时将在Azure AD B2C中创建用户.然后,当用户开始使用该应用程序时,我想向用户添加一些信息,并在下一次授权期间在令牌中对其进行检索.
Users first register in the application Using SignUp-SignIn user flow, so at that point the user is created in Azure AD B2C. Then when the users starts to use the application I want to add some information to the user and retrieve it in the token during the next authorizations.
我要添加给用户的信息如下:
The information I want to add to the user is the following:
1-我在数据库中使用的标识符,用于存储与创建的用户相关的数据
1- Identifier I use in my database to store data related to that created user
2-某些应用程序角色(例如,客户,商店所有者...)-在这里,如果我可以阻止用户根据该角色发出请求,那很好,但是在之后的代码中对其进行检查并不重要请求已执行
2- Some application role (e.g. customer, shop owner...) - here, it would be great if I can prevent users to make requests based on that role, but not a big deal to check it in the code after the request is executed
我的想法是使用Graph API并将此数据以自定义属性分配给用户,因此该数据始终由API管理,用户无法自己更改.
The idea I have is to use Graph API and assign this data in a custom attribute to the users, so this data is always managed by the API and user can't change it himself.
然后我在考虑是否也可以将该方法与组混合使用,以便某些请求仅适用于属于某个组的用户.
Then I am thinking if mixing that approach with groups could be also and option so some requests will be only available for users that belong to some group.
达到我的要求的最佳方法是什么?
What is the best approach to achieve my requirements?
推荐答案
开箱即用的AAD B2C SignUp-SignIn用户流未公开任何与安全组相关的功能.
Out-of-the-box AAD B2C SignUp-SignIn user flow does not expose any functionality related to Security Groups.
如果要在B2C中使用组声明,请选择通过自定义(IEF)策略添加一些自定义代码.请参阅此答案和
If you want to use group claims in B2C, choose to add some custom code through custom (IEF) policies. See this answer and this post.
In order to achieve your requirements, you could use custom attribute which you have mentioned.
请注意,如果您不希望用户自己设置自定义属性,则无需在"在用户流中使用自定义属性"下的第3步.
Please note that if you don't want the user to set the custom attribute by themselves, you don't need to do this 3rd step under "Use a custom attribute in your user flow":
- 选择用户属性,然后选择定制属性(例如,"ShoeSize").点击保存.
创建自定义属性后,可以在MS Graph API中使用自定义属性.
After you create the custom attribute, you can Get the application properties and Using custom attribute with MS Graph API.
使用Microsoft Graph更新用户的自定义属性:
Update the custom attribute for a user with Microsoft Graph:
PATCH https://graph.microsoft.com/v1.0/users/userID
{"extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize": "123"}
然后,您可以像这样获得令牌中的自定义属性声明:"extension_ShoeSize":"123" .
Then you can get the custom attribute claim in token like this: "extension_ShoeSize": "123".
这篇关于注册后如何为Azure AD B2C用户设置信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
