Only "email" field can be passed via "id_token_hint" to B2C custom policy
I am following this article to pass email and displayName as id_token_hint to my custom policy. Here is the technical profile I use to extract the data:
<TechnicalProfiles>
  <TechnicalProfile Id="IdTokenHint_ExtractClaims">
    <DisplayName> My ID Token Hint TechnicalProfile</DisplayName>
    <Protocol Name="None" />
    <CryptographicKeys>
      <Key Id="client_secret" StorageReferenceId="B2C_1A_ClientAssertionSigningKey" />
    </CryptographicKeys>
    <OutputClaims>
      <!--Sample: Read the email claim from the id_token_hint-->
      <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="newUserEmail"/>
      <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="displayName"/>
    </OutputClaims>
  </TechnicalProfile>
</TechnicalProfiles>
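The problem is that I can only extract the email value. The displayName claim type is not extracted. I checked the id_token_hint value in jwt.ms, and the values for both email and display name are present. How can I fix this?
You must also add the incoming claims as input claims of the RelyingParty technical profile.
Example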
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <!-- The following claims are read from the ID token -->
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="newUserEmail" />
      <InputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="displayName" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      ...
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>