What is the correct syntax for using a custom claim in an Entra Verified ID rules definition?

Question  Votes: 0  Answers: 1

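I have set up an Entra External ID system and created a custom security attribute so that I can simulate adding custom data to users who sign in to my application. (It is only a demo for now, but I hope to store membership numbers and membership levels there.) I am trying to use that custom attribute/claim information to issue a verified credential containing their membership number, but it always fails with the same error, "Missing provided claims in issuance". It works fine with non-custom fields (e.g. given name, as per all the samples).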

I have tried

Foo.Bar
user.Bar
extension_..._Bar

but with no luck.

What syntax is needed in the verified credential rules?

Current failing rule:

{
  "attestations": {
    "idTokenHints": [
      {
        "mapping": [
          {
            "outputClaim": "foobar",
            "required": true,
            "inputClaim": "Foo.Bar",
            "indexed": false
          }
        ],
        "required": false
      }
    ]
  },
  "validityInterval": 2592000,
  "vc": {
    "type": [
      "Foobar"
    ]
  }
}

API error when using the sample 1-asp-net-core-api-idtokenhint C# project:

issuance error: "Something went wrong calling the API: 
{
  "requestId": "2b020237faffd90eaed9d034a296775e",
  "date": "Tue, 21 May 2024 22:43:44 GMT",
  "mscv": "cpMoovB/XjpznKMR.3",
  "error": {
    "code": "badRequest",
    "message": "The request is invalid.",
    "innererror": {
      "code": "badOrMissingField",
      "message": "Missing provided claims in issuance: [Foo.Bar]",
      "target": "claims"
    }
  }
}"

Custom attribute setup: custom attribute setup screen for Foo.Bar

User configuration: user configuration of the Foo.Bar custom claim

microsoft-entra-id azure-ad-verifiable-credentials
1 Answer
0
votes

Here is the syntax of the two files, so that you can successfully issue and verify credentials with custom claims.

Display definition:

{
  "locale": "en-US",
  "card": {
    "backgroundColor": "#ffffff",
    "description": "With verified patient card you can sign in faster and access your medical data.",
    "issuedBy": "Formula Healthcare",
    "textColor": "#055C9D",
    "title": "Verified Patient",
    "logo": {
      "description": "Formula Healthcare Logo",
      "uri": "https://strf5verifiediddev.blob.core.windows.net/vc-public/fh-logo.png"
    }
  },
  "consent": {
    "instructions": "Accept credential to confirm that you are verified patient.",
    "title": "Accept credential for Verified Patients"
  },
  "claims": [
    {
      "claim": "vc.credentialSubject.fullName",
      "label": "Full name",
      "type": "String"
    },
    {
      "claim": "vc.credentialSubject.nationalHealthcareId",
      "label": "National Healthcare ID",
      "type": "String"
    }
  ]
}

Rules definition:

{
  "attestations": {
    "idTokenHints": [
      {
        "mapping": [
          {
            "outputClaim": "fullName",
            "required": false,
            "inputClaim": "fullName",
            "indexed": false
          },
          {
            "outputClaim": "nationalHealthcareId",
            "required": false,
            "inputClaim": "nationalHealthcareId",
            "indexed": false
          }
        ],
        "required": true
      }
    ]
  },
  "validityInterval": 2592000,
  "vc": {
    "type": [
      "VerifiedPatient"
    ]
  }
}

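As you can see above, you can create mappings for the claims in the VC (and use names different from the originally defined ones, using the input and output claim definitions). However, I recommend using the same name for the input and output claims. I hope this helps.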
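
An added example (not part of the original question or answer, and not the sample project's code): a pre-flight check that compares the inputClaim names in a rules definition with the claims an issuer application is about to send, which is the mismatch the error "Missing provided claims in issuance: [Foo.Bar]" reports. It assumes the issuance request carries a flat claims object keyed by inputClaim name; the function name and the sample payloads are hypothetical.

```python
import json

# Rules definition copied from the question on this page (mapping for Foo.Bar).
RULES = json.loads("""
{
  "attestations": {"idTokenHints": [{
      "mapping": [{"outputClaim": "foobar", "required": true,
                   "inputClaim": "Foo.Bar", "indexed": false}],
      "required": false}]},
  "validityInterval": 2592000,
  "vc": {"type": ["Foobar"]}
}
""")


def check_issuance_claims(rules, supplied):
    """Compare every idTokenHints inputClaim with the keys of the claims
    object the issuer application is about to send (assumed flat dict)."""
    supplied = supplied or {}
    report = {"missing_required": [], "missing_optional": [],
              "empty_value": [], "unmapped": []}
    expected = set()
    for hint in rules.get("attestations", {}).get("idTokenHints", []):
        for mapping in hint.get("mapping", []):
            name = mapping["inputClaim"]
            expected.add(name)
            if name not in supplied:
                # Exact key comparison: "bar" or "foo.bar" does not satisfy "Foo.Bar".
                key = "missing_required" if mapping.get("required") else "missing_optional"
                report[key].append(name)
            elif supplied[name] in (None, ""):
                report["empty_value"].append(name)
    # Claims sent by the app that no mapping consumes (often a naming mismatch).
    report["unmapped"] = sorted(set(supplied) - expected)
    return report


if __name__ == "__main__":
    # Constructed payloads with hypothetical values, for illustration only.
    mismatched = {"given_name": "Megan", "bar": "12345"}
    matching = {"Foo.Bar": "12345"}
    print(check_issuance_claims(RULES, mismatched))
    print(check_issuance_claims(RULES, matching))
```

Running the check before calling the issuance API surfaces a name mismatch between the rules definition and the application's claims locally instead of as a badRequest response.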
