我有一个 Blazor 应用程序。它使用 Azure AD B2C 进行身份验证。登录用户流程设置为在注销请求中需要 ID 令牌。当用户尝试注销时,收到以下错误:
抱歉,我们无法让您登录。 ... 请求中未指定id_token_hint参数。 请提供令牌并重试。
我知道我需要将 id_token_hint 作为查询参数传递,但无法找到具体如何完成此操作。
Blazor 当前不发送 id_token_hint。 MS 自 .Net 5 以来就已经意识到这一点,但尚未修复它。 有迹象表明它可以在 .Net 8 中修复。
这适用于 dotnet 7 Blazor WASM:
var idToken = await IdTokenHelper.GetIdTokenAsync();
var options = new InteractiveRequestOptions
{
Interaction = InteractionType.SignOut,
ReturnUrl = null
};
// Casing of "idTokenHint" here is correct. Msal.js converts to "id_token_hint" 🤯
options.TryAddAdditionalParameter("idTokenHint", idToken);
// This is equivalent to the "ToState" extension method which is internal.
var serializedOptions = JsonSerializer.Serialize(options, new JsonSerializerOptions
{
MaxDepth = 32,
PropertyNameCaseInsensitive = true,
});
Navigation.NavigateTo("authentication/logout", new NavigationOptions { HistoryEntryState = serializedOptions});
GetIdTokenAsync
的实现是:
private readonly ILocalStorageService _localStorageService;
public IdTokenHelper(ILocalStorageService localStorageService)
{
_localStorageService = localStorageService;
}
public async Task<string?> GetIdTokenAsync()
{
foreach (var key in await _localStorageService.KeysAsync())
{
try
{
var item = await _localStorageService.GetItemAsync<TokenContainer>(key);
if (item.CredentialType == "IdToken")
return item.Secret;
}
catch
{
// Swallow entries that aren't serializable into the TokenContainer DTO
}
}
return null;
}
// ReSharper disable once ClassNeverInstantiated.Local
private record TokenContainer(
[property: JsonPropertyName("credentialType")] string CredentialType,
[property: JsonPropertyName("secret")] string Secret);
Blazored Localstorage
nuget 包。