在 AAD B2C 自定义策略中进行 REST 调用时如何引用用户身份?

问题描述 投票:0回答:1

我一直在尝试对用于在创建用户之前调用 REST API 的普通 API 连接器在 Azure AD B2C 内部的工作方式进行逆向工程。我一直在尝试弄清楚我需要提供什么 

InputClaim
才能发送您在 
这个示例
中看到的正常 identities 有效负载。

我尝试了很多例子,但没有什么足以说明这一点。这是我当前的政策片段。

...
<ClaimType Id="currentUserIdentities">
        <DisplayName>currentUserIdentities</DisplayName>
        <DataType>userIdentityCollection</DataType>
        <AdminHelpText>currentUserIdentities</AdminHelpText>
        <UserHelpText>currentUserIdentities</UserHelpText>
      </ClaimType>
...
<TechnicalProfiles>
        <TechnicalProfile Id="REST-API">
          <DisplayName> Webhook</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <!-- Set the ServiceUrl with your own REST API endpoint -->
            <Item Key="ServiceUrl">MY_URL_HERE</Item>
            <Item Key="SendClaimsIn">Body</Item>
            <!-- Set AuthenticationType to Basic or ClientCertificate in production environments -->
            <Item Key="AuthenticationType">Basic</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_Username" />
            <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_Password" />
          </CryptographicKeys>
          <InputClaims>
            <!-- Claims sent to your REST API -->
            <InputClaim ClaimTypeReferenceId="objectId" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surname" />
            <InputClaim ClaimTypeReferenceId="currentUserIdentities" />
          </InputClaims>
          <OutputClaims>
            <!-- Claims parsed from your REST API -->
            <OutputClaim ClaimTypeReferenceId="my_custom_claim" />
          </OutputClaims>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>

当我尝试部署它时,我得到:

Validation failed: 1 validation error(s) found in policy \"MY_POLICY_NAME\" of tenant \"MY_TENANT.onmicrosoft.com\".Technical profile 'REST-API' contains Input claim with id 'currentUserIdentities' that has an unsupported data type. The data types supported for this provider are 'Boolean, String, StringCollection, DateTime, Date, Int, Long, ObjectIdentity, ObjectIdentityCollection'
azure-ad-b2c azure-ad-b2c-custom-policy
1个回答
0
投票

我最终做的是编写一个自定义的 

ClaimsTransformer
,它生成了所需的 JSON 有效负载:

<ClaimsTransformation Id="CreateApiPayload" TransformationMethod="GenerateJson">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="givenName" />
          <InputClaim ClaimTypeReferenceId="surname" TransformationClaimType="surname"/>
          <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="identities.0.issuerAssignedId" />
        </InputClaims>
        <InputParameters>
          <InputParameter Id="identities.0.issuer" DataType="string" Value="{{ tenantId }}" />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="apiRequestBody" TransformationClaimType="outputClaim" />
        </OutputClaims>
      </ClaimsTransformation>

这依赖于 

{{ tenantId }}
模板参数,但它有效!

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.