注册后如何为 Azure AD B2C 用户设置信息? [英] How to set information to Azure AD B2C users after registration?
问题描述
在我的应用程序中,我有以下场景:
用户首先使用 SignUp-SignIn 用户流在应用程序中注册,因此此时用户是在 Azure AD B2C 中创建的.然后当用户开始使用应用程序时,我想向用户添加一些信息并在下次授权期间在令牌中检索它.
我要给用户添加的信息如下:
1- 我在数据库中使用的标识符来存储与创建的用户相关的数据
2- 一些应用程序角色(例如客户、店主......) - 在这里,如果我可以阻止用户基于该角色提出请求,那就太好了,但之后在代码中检查它并不是什么大问题请求被执行
我的想法是使用 Graph API 并将这些数据以自定义属性分配给用户,因此这些数据始终由 API 管理,用户无法自己更改.
然后我在考虑是否也可以将该方法与组混合使用,这样一些请求将仅适用于属于某个组的用户.
实现我的要求的最佳方法是什么?
开箱即用的 AAD B2C SignUp-SignIn 用户流不公开任何与安全组相关的功能.
如果您想在 B2C 中使用群组声明,请选择通过自定义 (IEF) 策略添加一些自定义代码.请参阅此答案和这篇文章.
为了满足您的要求,您可以使用 自定义属性.
请注意,如果您不希望用户自己设置自定义属性,则无需执行在您的用户流程中使用自定义属性下的第 3 步":
<块引用>- 选择用户属性,然后选择自定义属性(例如,ShoeSize").点击保存.
创建自定义属性后,您可以获取应用程序属性 和 使用 MS Graph API 的自定义属性.
使用 Microsoft Graph 更新用户的自定义属性:
补丁 https://graph.microsoft.com/v1.0/users/userID{extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize":123"}然后您可以像这样在令牌中获取自定义属性声明:extension_ShoeSize":123".
In my application I have the following scenario:
Users first register in the application Using SignUp-SignIn user flow, so at that point the user is created in Azure AD B2C. Then when the users starts to use the application I want to add some information to the user and retrieve it in the token during the next authorizations.
The information I want to add to the user is the following:
1- Identifier I use in my database to store data related to that created user
2- Some application role (e.g. customer, shop owner...) - here, it would be great if I can prevent users to make requests based on that role, but not a big deal to check it in the code after the request is executed
The idea I have is to use Graph API and assign this data in a custom attribute to the users, so this data is always managed by the API and user can't change it himself.
Then I am thinking if mixing that approach with groups could be also and option so some requests will be only available for users that belong to some group.
What is the best approach to achieve my requirements?
Out-of-the-box AAD B2C SignUp-SignIn user flow does not expose any functionality related to Security Groups.
If you want to use group claims in B2C, choose to add some custom code through custom (IEF) policies. See this answer and this post.
In order to achieve your requirements, you could use custom attribute which you have mentioned.
Please note that if you don't want the user to set the custom attribute by themselves, you don't need to do this 3rd step under "Use a custom attribute in your user flow":
- Select User attributes and then select the custom attribute (for example, "ShoeSize"). Click Save.
After you create the custom attribute, you can Get the application properties and Using custom attribute with MS Graph API.
Update the custom attribute for a user with Microsoft Graph:
PATCH https://graph.microsoft.com/v1.0/users/userID
{"extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize": "123"}
Then you can get the custom attribute claim in token like this: "extension_ShoeSize": "123".
这篇关于注册后如何为 Azure AD B2C 用户设置信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
