如何解决Azure AD B2C自定义策略是否支持msal 2.0msal浏览器身份验证代码流?
我正在尝试将e msal 2.0(msal-browser)用于我的应用程序以通过Azure AD B2C自定义策略进行身份验证,我没有相同的适当文档或示例
解决方法
此sample应该对您有用,它使用 Azure AD B2C +自定义策略+ MSAL.js 2.0 +授权代码流。
<!-- The AAD Common Endpoint Claims Provider. Matches on the existence of AAD-Common in the claimsProvider collection -->
<ClaimsProvider>
<DisplayName>Login with AAD OIDC</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="AAD-OIDC">
<DisplayName>Login with AAD (OIDC)</DisplayName>
<Description>Login with AAD (OIDC)</Description>
<Protocol Name="OpenIdConnect" />
<OutputTokenFormat>JWT</OutputTokenFormat>
<Metadata>
<Item Key="METADATA">https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration</Item>
<!-- TODO: Create multi-tenant App Registration and add client ID here -->
<Item Key="client_id">xxxxx</Item>
<Item Key="response_types">code</Item>
<Item Key="scope">openid profile</Item>
<Item Key="response_mode">form_post</Item>
<Item Key="HttpBinding">POST</Item>
<Item Key="UsePolicyInRedirectUri">false</Item>
<Item Key="DiscoverMetadataByTokenIssuer">true</Item>
<!-- TODO: Add the Tenant IDs of each Valid Token Issuer -->
<!-- The key below allows you to specify each of the Azure AD tenants that can be used to sign in. Update the GUIDs below for each tenant. -->
<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/xxxxx</Item>
<Item Key="ClaimTypeOnWhichToEnable">claimsProvider</Item>
<Item Key="ClaimValueOnWhichToEnable">AAD-Common</Item>
</Metadata>
<CryptographicKeys>
<!-- TODO: Update the storage reference ID for the client secret of the Multi-Tenant App Registration Client -->
<Key Id="client_secret" StorageReferenceId="B2C_1A_ADDMultiTenantAngularSPA" />
</CryptographicKeys>
<InputClaims>
<!--pass the login_hint to Azure AD home realm discovery page to bypass email address entry again-->
<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="login_hint" />
<!--Disable the prompt on the partner IdP to "Sign in with another account"-->
<InputClaim ClaimTypeReferenceId="hsu" PartnerClaimType="hsu" DefaultValue="1" AlwaysUseDefaultValue="true" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
<EnabledForUserJourneys>OnItemExistenceInStringCollectionClaim</EnabledForUserJourneys>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
(从评论移至答案)
MSAL.js 2.0当前不支持与PKCE授权代码流一起使用的Azure AD B2C。目前,Azure AD B2C建议使用隐式流。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
