B2C redirect after user journey is completed


Question

I'm using custom policies in my B2C tenant and found out that the "Forgot password?" link redirects to an error page (AADB2C90118). After researching on the Internet I found a custom policy which allows me to embed the password reset inside the sign-up or sign-in policy.

This works like a charm, validating the email and changing the password as expected. The issue I have is that I want to redirect the user to the sign-in page after the reset password is completed successfully.

My goal would be to redirect the user to the sign-in page so he/she is able to sign in with the new credentials. Is there a way to reset the user journey or redirect the user to the sign-in page using custom policies?

Here is the Step that checks if the user has selected to change his/her password:

<OrchestrationStep Order="3" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>isPasswordResetFlow</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountChangePasswordUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>

This is the TechnicalProfile used to change the password:

<TechnicalProfile Id="LocalAccountChangePasswordUsingObjectId">
  <DisplayName>Change password</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

Recommended answer

You could use a precondition in the journey based on whether the user did password reset, to launch another claims provider selection, which offers the exact same as the initial sign in/up page logic.

        <OrchestrationStep Order="5" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isPasswordResetFlow</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange" />
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Check if the user has selected to sign in using one of the social providers -->
        <OrchestrationStep Order="6" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isPasswordResetFlow</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH" />
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
          </ClaimsExchanges>
        </OrchestrationStep>

Without this, the sample will not set up the SM-AAD session, and subsequent policy calls or silent token calls will need a sign in anyway.
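
To check which of these steps fire for a given set of claims before uploading a policy, the precondition logic can be simulated offline. This is an added example, not code from the original post or from Azure AD B2C itself; it models only `ClaimsExist` preconditions with `SkipThisOrchestrationStep`, uses a constructed, namespace-free journey built from the preconditions of steps 3, 5 and 6 above, and assumes the claims bag stays fixed for the whole run.

```python
import xml.etree.ElementTree as ET


def pre(claim, execute_if):
    # Builds one ClaimsExist precondition in the shape used on this page.
    return (f'<Precondition Type="ClaimsExist" ExecuteActionsIf="{execute_if}">'
            f'<Value>{claim}</Value><Action>SkipThisOrchestrationStep</Action>'
            '</Precondition>')


def build_step(order, *preconditions):
    # Hypothetical helper: wraps preconditions in a bare OrchestrationStep.
    return (f'<OrchestrationStep Order="{order}"><Preconditions>'
            + "".join(preconditions) + '</Preconditions></OrchestrationStep>')


# Constructed sample: only the preconditions of steps 3, 5 and 6 from the page.
JOURNEY = ("<OrchestrationSteps>"
           + build_step(3, pre("isPasswordResetFlow", "false"))
           + build_step(5, pre("isPasswordResetFlow", "false"))
           + build_step(6, pre("objectId", "true"),
                        pre("isPasswordResetFlow", "false"))
           + "</OrchestrationSteps>")


def skipped(step, claims):
    """True if any precondition on the step triggers SkipThisOrchestrationStep."""
    for p in step.iter("Precondition"):
        if p.get("Type") != "ClaimsExist":
            raise ValueError(f"unsupported precondition type: {p.get('Type')}")
        exists = p.findtext("Value") in claims
        wants = p.get("ExecuteActionsIf") == "true"
        # The action runs when the claim's presence matches ExecuteActionsIf.
        if exists == wants and p.findtext("Action") == "SkipThisOrchestrationStep":
            return True
    return False


def steps_run(journey_xml, claims):
    """Return the Order values of the steps that are not skipped."""
    root = ET.fromstring(journey_xml)
    return [int(s.get("Order")) for s in root.iter("OrchestrationStep")
            if not skipped(s, claims)]


if __name__ == "__main__":
    for bag in ({"objectId", "isPasswordResetFlow"}, {"objectId"}):
        print(sorted(bag), "->", steps_run(JOURNEY, bag))
```

With both `objectId` and `isPasswordResetFlow` present, steps 3 and 5 run and step 6 is skipped; with `objectId` alone, all three are skipped.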
