I have been trying to reverse-engineer how the plain API connector in Azure AD B2C, the one that calls a REST API before a user is created, works internally. I have been trying to figure out what InputClaim I need to provide in order to send the normal identities payload you see in this example.
I have tried a lot of examples, but none of them is quite enough to explain this. Here is my current policy snippet.
...
<ClaimType Id="currentUserIdentities">
  <DisplayName>currentUserIdentities</DisplayName>
  <DataType>userIdentityCollection</DataType>
  <AdminHelpText>currentUserIdentities</AdminHelpText>
  <UserHelpText>currentUserIdentities</UserHelpText>
</ClaimType>
...
<TechnicalProfiles>
  <TechnicalProfile Id="REST-API">
    <DisplayName>Webhook</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
      <!-- Set the ServiceUrl with your own REST API endpoint -->
      <Item Key="ServiceUrl">MY_URL_HERE</Item>
      <Item Key="SendClaimsIn">Body</Item>
      <!-- Set AuthenticationType to Basic or ClientCertificate in production environments -->
      <Item Key="AuthenticationType">Basic</Item>
    </Metadata>
    <CryptographicKeys>
      <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_Username" />
      <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_Password" />
    </CryptographicKeys>
    <InputClaims>
      <!-- Claims sent to your REST API -->
      <InputClaim ClaimTypeReferenceId="objectId" />
      <InputClaim ClaimTypeReferenceId="givenName" />
      <InputClaim ClaimTypeReferenceId="surname" />
      <InputClaim ClaimTypeReferenceId="currentUserIdentities" />
    </InputClaims>
    <OutputClaims>
      <!-- Claims parsed from your REST API -->
      <OutputClaim ClaimTypeReferenceId="my_custom_claim" />
    </OutputClaims>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  </TechnicalProfile>
</TechnicalProfiles>
When I try to deploy it, I get:
Validation failed: 1 validation error(s) found in policy "MY_POLICY_NAME" of tenant "MY_TENANT.onmicrosoft.com". Technical profile 'REST-API' contains Input claim with id 'currentUserIdentities' that has an unsupported data type. The data types supported for this provider are 'Boolean, String, StringCollection, DateTime, Date, Int, Long, ObjectIdentity, ObjectIdentityCollection'
What I ended up doing was writing a custom ClaimsTransformer that generates the required JSON payload:
<ClaimsTransformation Id="CreateApiPayload" TransformationMethod="GenerateJson">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="givenName" />
    <InputClaim ClaimTypeReferenceId="surname" TransformationClaimType="surname" />
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="identities.0.issuerAssignedId" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="identities.0.issuer" DataType="string" Value="{{ tenantId }}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="apiRequestBody" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
This relies on the {{ tenantId }} template parameter, but it works!
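As an added illustration, not code from the post or from Microsoft: a Python re-implementation of the dotted-path rule the CreateApiPayload transformation relies on, followed by the check the receiving REST API should apply to the resulting identities array before trusting it. It assumes GenerateJson treats a numeric path segment as an array index, as the post's identities.0.* paths imply; the function names and sample values are my own.

```python
from typing import Any

# Constructed sample claim values (not real tenant data); the tenant id is a placeholder.
SAMPLE_CLAIMS = {"givenName": "Ada", "surname": "Lovelace", "email": "ada@example.com"}
SAMPLE_TENANT_ID = "TENANT_ID_PLACEHOLDER"

def _child(node: Any, key: str, default: Any) -> Any:
    """Return node[key], creating it from default when absent (arrays are padded with None)."""
    if isinstance(node, list):
        idx = int(key)
        node.extend([None] * (idx + 1 - len(node)))
        if node[idx] is None:
            node[idx] = default
        return node[idx]
    return node.setdefault(key, default)

def set_path(root: dict, path: str, value: Any) -> None:
    """Assign value at a dotted path; a numeric segment such as 'identities.0' selects an array index."""
    parts = path.split(".")
    node: Any = root
    for i, part in enumerate(parts[:-1]):
        node = _child(node, part, [] if parts[i + 1].isdigit() else {})
    if isinstance(node, list):
        _child(node, parts[-1], None)   # pad the array so the index exists
        node[int(parts[-1])] = value
    else:
        node[parts[-1]] = value

def generate_json(input_claims: dict, input_parameters: dict) -> dict:
    """Build the object GenerateJson would serialize: keys are TransformationClaimType / InputParameter Id paths."""
    body: dict = {}
    for path, value in {**input_claims, **input_parameters}.items():
        set_path(body, path, value)
    return body

def build_api_payload(claims: dict, tenant_id: str) -> dict:
    """The exact mapping used by the post's CreateApiPayload transformation."""
    input_claims = {"givenName": claims["givenName"], "surname": claims["surname"],
                    "identities.0.issuerAssignedId": claims["email"]}
    return generate_json(input_claims, {"identities.0.issuer": tenant_id})

def identity_problems(payload: dict) -> list:
    """What the receiving REST API should check before trusting the body: every identity carries both fields."""
    identities = payload.get("identities")
    if not isinstance(identities, list) or not identities:
        return ["identities missing or empty"]
    return [f"identities[{i}].{f} missing" for i, ident in enumerate(identities)
            for f in ("issuer", "issuerAssignedId") if not isinstance(ident, dict) or not ident.get(f)]
```

Feeding the same givenName, surname and email claims through build_api_payload reproduces the identities array the REST API expects, and identity_problems returns an empty list only when each identity carries both issuer and issuerAssignedId.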