注册后如何设置信息给Azure AD B2C用户? [英] How to set information to Azure AD B2C users after registration?

问题描述

在我的应用程序中，我有以下场景:

用户首先使用 SignUp-SignIn 用户流在应用程序中注册，因此此时用户是在 Azure AD B2C 中创建的.然后当用户开始使用应用程序时，我想向用户添加一些信息，并在下一次授权期间在令牌中检索它.

我要添加给用户的信息如下:

1- 我在数据库中用来存储与创建的用户相关的数据的标识符

2- 某些应用程序角色(例如客户、店主...)- 在这里，如果我可以阻止用户基于该角色发出请求，那就太好了，但之后在代码中检查它也没什么大不了的请求被执行

我的想法是使用 Graph API 并在自定义属性中将此数据分配给用户，因此这些数据始终由 API 管理，用户无法自行更改.

然后我在想是否也可以将这种方法与群组混合使用，以便某些请求仅适用于属于某个群组的用户.

达到我的要求的最佳方法是什么?

解决方案

开箱即用的 AAD B2C SignUp-SignIn 用户流不会公开任何与安全组相关的功能.

如果您想在 B2C 中使用组声明，请选择通过自定义 (IEF) 策略添加一些自定义代码.请参阅此答案和这篇文章.

为了达到您的要求，您可以使用 您提到的自定义属性.

请注意，如果您不希望用户自行设置自定义属性，则无需在在用户流程中使用自定义属性"下执行此第 3 步":

<块引用>

3. 选择用户属性，然后选择自定义属性(例如，ShoeSize").点击保存.

创建自定义属性后，您可以获取应用程序属性 和 使用自定义属性与 MS Graph API.

使用 Microsoft Graph 更新用户的自定义属性:

PATCH https://graph.microsoft.com/v1.0/users/userID{extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize":123"}

然后您可以像这样在令牌中获取自定义属性声明:"extension_ShoeSize":"123".

In my application I have the following scenario:

Users first register in the application Using SignUp-SignIn user flow, so at that point the user is created in Azure AD B2C. Then when the users starts to use the application I want to add some information to the user and retrieve it in the token during the next authorizations.

The information I want to add to the user is the following:

1- Identifier I use in my database to store data related to that created user

2- Some application role (e.g. customer, shop owner...) - here, it would be great if I can prevent users to make requests based on that role, but not a big deal to check it in the code after the request is executed

The idea I have is to use Graph API and assign this data in a custom attribute to the users, so this data is always managed by the API and user can't change it himself.

Then I am thinking if mixing that approach with groups could be also and option so some requests will be only available for users that belong to some group.

What is the best approach to achieve my requirements?

解决方案

Out-of-the-box AAD B2C SignUp-SignIn user flow does not expose any functionality related to Security Groups.

If you want to use group claims in B2C, choose to add some custom code through custom (IEF) policies. See this answer and this post.

In order to achieve your requirements, you could use custom attribute which you have mentioned.

Please note that if you don't want the user to set the custom attribute by themselves, you don't need to do this 3rd step under "Use a custom attribute in your user flow":

3. Select User attributes and then select the custom attribute (for example, "ShoeSize"). Click Save.

After you create the custom attribute, you can Get the application properties and Using custom attribute with MS Graph API.

Update the custom attribute for a user with Microsoft Graph:

PATCH https://graph.microsoft.com/v1.0/users/userID

{"extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize": "123"}

Then you can get the custom attribute claim in token like this: "extension_ShoeSize": "123".

这篇关于注册后如何设置信息给Azure AD B2C用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！