为什么电子邮件声明需要成为我的 TechnicalProfile 中的输入声明
Why Does the Email Claim Need to be an Input Claim in my TechnicalProfile
我尝试传递 email 声明,就像我将其他声明传递给注册政策一样,但它没有用。我不得不将其添加为我的技术资料的 <InputClaim>,但我 不明白为什么 。
在下面的例子中,我传入了email和extension_MyCustomClaim。我没有显示 extension_MyCustomClaim 但值被保留。
我的叶子政策
<TrustFrameworkPolicy ...>
...
<RelyingParty>
<DefaultUserJourney ReferenceId="MyUserJourney" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<InputTokenFormat>JWT</InputTokenFormat>
<CryptographicKeys>
<Key Id="client_secret" StorageReferenceId="B2C_1A_MyClientSecret" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_MyCustomClaim" />
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
...
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
我的用户之旅
<UserJourney Id="MyUserJourney">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange" ContentDefinitionReferenceId="api.signup-ext">
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSignUp" TechnicalProfileReferenceId="LocalAccountSignUp" />
</ClaimsExchanges>
</OrchestrationStep>
...
</OrchestrationSteps>
</UserJourney>
我的技术资料
<TechnicalProfile Id="LocalAccountSignUp">
<DisplayName>User ID signup with input claims</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
...
</Metadata>
<CryptographicKeys>
...
</CryptographicKeys>
<InputClaims>
<!-- why do I have to specify this here? -->
<!-- The other claim like extension_MyCustomClaim are -->
<!-- not specified here but are being persisted -->
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<!-- uncommenting this claim will put it on the screen. used for debugging -->
<!-- <OutputClaim ClaimTypeReferenceId="extension_MyCustomClaim" /> -->
</OutputClaims>
...
</TechnicalProfile>
如果我将 extension_MyCustomClaim 添加为 <OutputClaim>,它将显示在屏幕上,其中包含填充的值。我不必将其添加为 <InputClaim>.
我不明白这里的矛盾之处。
更新
我错了...
If I add extension_MyCustomClaim as an <OutputClaim> it will show up on the screen w/ the value populated. I don't have to add it as an <InputClaim>.
不正确。声明将显示在屏幕上,但值将 not populated.
对于 "self-asserted" 技术配置文件,声明 <InputClaims /> 可以将值传递到 UI 表单。
例如:
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
</OutputClaims>
这声明了一个绑定到 email 声明的表单域。传入默认值或原始值(由 <InputClaim /> 定义),并传出修改或提交的值(由 <OutputClaim /> 定义)。
我尝试传递 email 声明,就像我将其他声明传递给注册政策一样,但它没有用。我不得不将其添加为我的技术资料的 <InputClaim>,但我 不明白为什么 。
在下面的例子中,我传入了email和extension_MyCustomClaim。我没有显示 extension_MyCustomClaim 但值被保留。
我的叶子政策
<TrustFrameworkPolicy ...>
...
<RelyingParty>
<DefaultUserJourney ReferenceId="MyUserJourney" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<InputTokenFormat>JWT</InputTokenFormat>
<CryptographicKeys>
<Key Id="client_secret" StorageReferenceId="B2C_1A_MyClientSecret" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_MyCustomClaim" />
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
...
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
我的用户之旅
<UserJourney Id="MyUserJourney">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange" ContentDefinitionReferenceId="api.signup-ext">
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSignUp" TechnicalProfileReferenceId="LocalAccountSignUp" />
</ClaimsExchanges>
</OrchestrationStep>
...
</OrchestrationSteps>
</UserJourney>
我的技术资料
<TechnicalProfile Id="LocalAccountSignUp">
<DisplayName>User ID signup with input claims</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
...
</Metadata>
<CryptographicKeys>
...
</CryptographicKeys>
<InputClaims>
<!-- why do I have to specify this here? -->
<!-- The other claim like extension_MyCustomClaim are -->
<!-- not specified here but are being persisted -->
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<!-- uncommenting this claim will put it on the screen. used for debugging -->
<!-- <OutputClaim ClaimTypeReferenceId="extension_MyCustomClaim" /> -->
</OutputClaims>
...
</TechnicalProfile>
如果我将 extension_MyCustomClaim 添加为 <OutputClaim>,它将显示在屏幕上,其中包含填充的值。我不必将其添加为 <InputClaim>.
我不明白这里的矛盾之处。
更新
我错了...
If I add
extension_MyCustomClaimas an<OutputClaim>it will show up on the screen w/ the value populated. I don't have to add it as an<InputClaim>.
不正确。声明将显示在屏幕上,但值将 not populated.
对于 "self-asserted" 技术配置文件,声明 <InputClaims /> 可以将值传递到 UI 表单。
例如:
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
</OutputClaims>
这声明了一个绑定到 email 声明的表单域。传入默认值或原始值(由 <InputClaim /> 定义),并传出修改或提交的值(由 <OutputClaim /> 定义)。