Azure AD B2C - "Username" 未提供用户名声明的本地 IDP

Azure AD B2C - Local IDP with "Username" not providing username claim

我已将身份提供者配置为使用具有用户名而不是密码的本地帐户。

我创建了一个具有显示名称、用户名和电子邮件的用户。

我可以 select "Display Name" 和 "Email Address" 申请所有保单索赔,但 "User Name" 不是一个选项。我还确认没有向我的应用程序提供用户名声明。

如何配置 Azure AD B2C 以使其提供用户名声明?

不幸的是,用户名尚无法选择作为在令牌中传递的声明。您应该在 Azure AD B2C UserVoice 论坛中为这个问题投票以帮助确定它的优先级:Include username in JWT claims

这次你唯一的选择是通过图表自己检索它

这里有一段 .Net 代码 的快速粗略片段,您可以将其用于此目的:

    private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        try
        {
            var userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

            // You'll need to register a separate app for this.
            // This app will need APPLICATION (not Delegated) Directory.Read permissions
            // Check out this link for more info:
            // https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet 
            var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(string.Format(graphAuthority, tenant));
            var t = await authContext.AcquireTokenAsync(graphResource, new ClientCredential(graphClientId, graphClientSecret));

            string result;
            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Add("Authorization", "Bearer " + t.AccessToken);

                var url = graphResource + tenant + "/users/" + userObjectId + "/?api-version=1.6";
                result = await client.GetStringAsync(url);
            }

            var jsonResult = JObject.Parse(result);
            var username = jsonResult["signInNames"].FirstOrDefault(j => j["type"].ToString() == "userName")?["value"]?.ToString();
            notification.AuthenticationTicket.Identity.AddClaim(new Claim("username", username));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
    }

您将在设置 OpenIdConnectAuthenticationOptions 时引用此方法,如下所示:

    new OpenIdConnectAuthenticationOptions
        {
            // (...)
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnSecurityTokenValidated,
            },
            // (...)
        };