In Azure B2C, can I access claims sent from an external identity provider in the Access Token?
As an example, I have added an Azure AD external identity provider to Azure B2C using OpenIDConnect.
I am interested in accessing claims from the external identity provider (Azure AD) that aren't present in the ID Token Azure B2C returns to my app. For instance, I know that there is an amr claim from the external identity provider. If I configure Azure B2C to pass through the Access Token obtained from the external IDP like this:
<OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
Then my application can see the Access Token, and if I decode it, I can see the claims I'm looking for are present.
However, I want to process these claims within Azure B2C to change its behavior based on these claims. For instance, I would like to look at the amr claim and determine if multi-factor authentication should be enforced or not.
Is there any mechanism through which Azure B2C can handle the claims that are returned in the Access Token from the external identity provider? Some type of syntax that references a claim in the Access Token that Azure B2C retrieves from the IDP? The closest thing I can find might be to change from the OpenIdConnect protocol to the OAuth2 protocol in the claimsprovider configuration. But, I've seen mixed messages about this.
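As an added example (not part of the question above and not Azure B2C policy syntax), the snippet below shows the application-side version of what the question describes: once the external IdP's access token is passed through via identityProviderAccessToken, the relying app can read its amr claim and decide whether a step-up to multi-factor authentication is still needed. The tokens, the helper names (decode_jwt_payload, mfa_satisfied, requires_step_up) and the rule "treat the token as MFA-backed only if amr lists mfa" are assumptions made for the example; the real token must be signature-validated against the issuer's JWKS before any claim in it is acted on, which the unsigned demo tokens here deliberately do not cover.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT.

    Parsing only: no signature or expiry check is done here. A
    production path validates the token (issuer, audience, exp,
    signature via JWKS) before trusting any claim it carries.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    payload_b64 = parts[1]
    # base64url omits padding; restore it before decoding
    payload_b64 += "=" * (-len(payload_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def mfa_satisfied(claims: dict) -> bool:
    """True when the IdP's amr claim records a multi-factor method.

    RFC 8176 defines amr as an array of method names; some issuers
    emit a single string, so both shapes are accepted.
    """
    amr = claims.get("amr", [])
    if isinstance(amr, str):
        amr = [amr]
    return "mfa" in amr


def requires_step_up(access_token: str) -> bool:
    """Decide whether the app should enforce its own MFA step.

    Assumed policy: if the upstream IdP already recorded an MFA
    method in amr, skip; otherwise require step-up.
    """
    return not mfa_satisfied(decode_jwt_payload(access_token))


def _make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned (alg=none) token for the demo only."""
    def b64(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed sample tokens standing in for the passed-through
# identityProviderAccessToken; values are illustrative, not real.
SAMPLE_MFA_TOKEN = _make_unsigned_jwt(
    {"iss": "https://login.example.invalid/tenant", "sub": "user-1", "amr": ["pwd", "mfa"]}
)
SAMPLE_PWD_ONLY_TOKEN = _make_unsigned_jwt(
    {"iss": "https://login.example.invalid/tenant", "sub": "user-2", "amr": ["pwd"]}
)

if __name__ == "__main__":
    for label, tok in (("mfa", SAMPLE_MFA_TOKEN), ("pwd-only", SAMPLE_PWD_ONLY_TOKEN)):
        print(f"{label}: amr={decode_jwt_payload(tok).get('amr')} step-up={requires_step_up(tok)}")
```

The design choice worth noting is that the decision is keyed on the standard amr vocabulary rather than on string-matching a vendor-specific claim, so the same check works against any OIDC/OAuth2 issuer that emits amr; the trade-off is that an issuer which records MFA under a different method name would be treated as password-only and forced through step-up.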