Following the Verifiable Credentials B2C sample here: https://github.com/Azure-Samples/active-directory-verifiable-credentials/blob/main/B2C/README.md
I have updated the selfasserted.html file with the path to qrcode.min.js (hosted in Azure Storage). However, none of the following B2C policies render the QR code when the user journey runs, which means verifiable credentials can neither be issued nor verified:
B2C_1A_SIGNINMFA_VC
B2C_1A_SIGNIN_VC
B2C_1A_SIGNUP_SIGNIN_VC
B2C_1A_VC_SUSIQ
B2C_1A_VC_SUSI_ISSUEVC
However, when the application endpoint is accessed directly via localhost or via ngrok, the QR code loads without any problem. It seems to happen only when going through Azure B2C.
Update
After updating the sample to use the claim resolver on every VCStateId input claim and adding the metadata key, I noticed the following:
The request URL now has an id parameter, except that it is literally "{Context:CorrelationId}" and is not resolved to the actual correlation id. I see the following under the Headers tab in the dev tools (sanitised): "Request URL: https://xxxx-xxxx.ngrok-free.app/api/verifier/presentation-response-status?id={Context:CorrelationId}"
I also saw the script for the initial page you get when using ngrok, which warns you to continue only if you trust the site:
<html class="h-full" lang="en-US" dir="ltr">
...
You are about to visit xxxx-xxxx.ngrok-free.app, served by x.x.x.x. This website is served for free through ngrok.com. You should only visit this website if you trust whoever sent the link to you. (ERR_NGROK_6024)
Another thing to note: contrary to your experience of seeing VCStateID in the SUSIQ policy file, I only see instances of VCStateId in the extensions file and nowhere else.
It looks like the sample has been updated for the signup/signin quick flow, but the other flows have not been updated yet.
In the SignupOrSigninVCQ policy, the technical profile that gets executed sets VCStateId to the correlation ID of the journey:
<!-- TP that gets executed after QR code is scanned on signin page -->
<TechnicalProfile Id="SelfAsserted-VCSigninQuick">
  <DisplayName>Verifiable Credentials</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
    <Item Key="setting.showCancelButton">false</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="VCStateId" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
    <!-- if you change this one, you need to change all the ServiceUrl values in this file -->
    <!-- CHANGE THE BELOW LINE -->
    <InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://df4a-158-174-131-118.ngrok.io/api/verifier" />
  </InputClaims>
  <DisplayClaims>
    <DisplayClaim ClaimTypeReferenceId="VCStateId" />
    <DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
  </DisplayClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="VCStateId" />
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
    <OutputClaim ClaimTypeReferenceId="surName" />
    <OutputClaim ClaimTypeReferenceId="VCCredentialType" />
    <OutputClaim ClaimTypeReferenceId="VCSubject" />
    <OutputClaim ClaimTypeReferenceId="VCIssuer" />
    <OutputClaim ClaimTypeReferenceId="VCKey" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="email" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-VC-GetAuthResult" />
    <!-- make sure the user exists in the directory -->
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingObjectId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
Compare this with the technical profile in the SigninVC policy, and you can see that the VCStateId input claim is never given a default value:
<!-- Signing in with a VC when VC references a B2C account -->
<TechnicalProfile Id="SelfAsserted-VCSignin">
  <DisplayName>Verifiable Credentials</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
    <Item Key="setting.showCancelButton">false</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="VCStateId" />
    <!-- if you change this one, you need to change all the ServiceUrl values in this file -->
    <!-- CHANGE THE BELOW LINE -->
    <InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://df4a-158-174-131-118.ngrok.io/api/verifier" />
  </InputClaims>
  <DisplayClaims>
    <DisplayClaim ClaimTypeReferenceId="VCStateId" />
    <DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
  </DisplayClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
    <OutputClaim ClaimTypeReferenceId="surName" />
    <OutputClaim ClaimTypeReferenceId="vcCredentialType" />
    <OutputClaim ClaimTypeReferenceId="vcSubject" />
    <OutputClaim ClaimTypeReferenceId="vcIssuer" />
    <OutputClaim ClaimTypeReferenceId="vcKey" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="email" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-VC-GetAuthResult" />
    <!-- make sure the user exists in the directory -->
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingObjectId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
The changes that make this work are the following. Every input claim for VCStateId should be updated to carry a default value:
<!-- before -->
<InputClaim ClaimTypeReferenceId="VCStateId" />
<!-- after -->
<InputClaim ClaimTypeReferenceId="VCStateId" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
You also need to add the claim-resolver metadata item to every technical profile you changed:
<Metadata>
...
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
The presentation request should now include id in the query string.
If the information provided helps you, please don't forget to "Accept Answer" and "Upvote", as it also benefits other community members.
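As an added check (not part of the sample or of either post above), the following Python audit walks a B2C policy file and reports every technical profile whose VCStateId input claim still lacks the default value, the AlwaysUseDefaultValue flag, or the IncludeClaimResolvingInClaimsHandling metadata item described in the answer; a missing item is exactly what leaves the literal {Context:CorrelationId} in the request URL. The embedded XML is a constructed excerpt of the two profiles quoted above; namespace stripping is included so the same function runs on a full cpim-namespaced policy file.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the two technical profiles quoted in the answer, trimmed to what the check needs.
POLICY_XML = """<TechnicalProfiles>
<TechnicalProfile Id="SelfAsserted-VCSigninQuick">
  <Metadata>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="VCStateId" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
  </InputClaims>
</TechnicalProfile>
<TechnicalProfile Id="SelfAsserted-VCSignin">
  <Metadata>
    <Item Key="setting.showCancelButton">false</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="VCStateId" />
  </InputClaims>
</TechnicalProfile>
</TechnicalProfiles>"""

# Strip the XML namespace prefix so the check also works on a full (cpim-namespaced) policy file.
_local = lambda tag: tag.rsplit("}", 1)[-1]


def audit_vcstateid(policy_xml):
    """Return {profile_id: [findings]} for every technical profile that takes
    VCStateId as an input claim. An empty list means the profile is fixed."""
    report = {}
    for tp in ET.fromstring(policy_xml).iter():
        if _local(tp.tag) != "TechnicalProfile":
            continue
        claims = [c for c in tp.iter() if _local(c.tag) == "InputClaim"
                  and c.get("ClaimTypeReferenceId") == "VCStateId"]
        if not claims:
            continue
        findings = []
        default = claims[0].get("DefaultValue")
        if default is None:
            findings.append("VCStateId input claim has no DefaultValue")
        elif claims[0].get("AlwaysUseDefaultValue", "").lower() != "true":
            findings.append("DefaultValue is set but AlwaysUseDefaultValue is not true")
        # A {Context:...} default is only expanded when the profile opts in to claim resolving.
        resolver_on = any(_local(i.tag) == "Item" and i.get("Key") == "IncludeClaimResolvingInClaimsHandling"
                          and (i.text or "").strip().lower() == "true" for i in tp.iter())
        if default and default.startswith("{") and not resolver_on:
            findings.append("claim resolver in DefaultValue but IncludeClaimResolvingInClaimsHandling is not true")
        report[tp.get("Id")] = findings
    return report
```

Run it against each policy file in the sample before uploading, and treat any non-empty finding list as a profile that will still send an unresolved state id to the verifier.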