Get the Azure AD B2C Application client id in the

2019-02-20 06:02发布

问题:

Hi the custom policy gets called with the client id of the B2C app

https://login.microsoftonline.com/TENANT/oauth2/v2.0/authorize?p=B2C_1A_POLICY&client_id=THE-CLIENT-ID-I-WANT

How can I access this in the policy, i thought this would be hard coded to the client_id claim but I dont think it is

Its only returned as default as the aud claim but again I dont see that in the custom policy

Thanks

回答1:

Ok its a bit of a work around but I tried with a standard UserJourneyContextProvider technical profile and this didnt work

so to get the client id as a claim I did the following

Create an orchestration step

<OrchestrationStep Order="2" Type="ClaimsExchange">
  <ClaimsExchanges>
   <ClaimsExchange 
       Id="ClientIdFromOIDC-JC" 
       TechnicalProfileReferenceId="Get-ClientID-FromOIDC"/>
   </ClaimsExchanges>
  </OrchestrationStep>     

Then create a RESTFUL technical profile which will call a Function App passing the OIDC with the {OIDC:ClientID}

<TechnicalProfile Id="Get-ClientID-FromOIDC">
    <DisplayName>Get-ClientID-FromOIDC</DisplayName>
    <Protocol Name="Proprietary" 
    Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, 
    Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
     <Item Key="AuthenticationType">None</Item>
     <Item Key="ServiceUrl">--FUNCTION APP URL--</Item>
     <Item Key="SendClaimsIn">QueryString</Item>
    </Metadata>
    <InputClaims>
      <InputClaim 
        ClaimTypeReferenceId="client_id" 
        PartnerClaimType="client_id"  
        DefaultValue="{OIDC:ClientId}" />
     </InputClaims>
     <OutputClaims>
       <OutputClaim ClaimTypeReferenceId="client_id" />
      </OutputClaims>
  </TechnicalProfile>

And then finally create a function app which accepts the client id from the querystring and returns it with the correct format for B2C to identify

using System.Net; using System.Net.Http.Formatting;

  public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, 
  TraceWriter log)
  {
       log.Info("C# HTTP trigger function processed a request.");
      // parse query parameter
      string client_id = req.GetQueryNameValuePairs()
        .FirstOrDefault(q => string.Compare(q.Key, "client_id", true) == 0)
        .Value;

      return req.CreateResponse<ResponseContent>(
      HttpStatusCode.OK, new ResponseContent
      {
          version = "1.0.0",
          status = (int) HttpStatusCode.OK,
          client_id = client_id
      },
      new JsonMediaTypeFormatter(), "application/json");

   }

   class ResponseContent {
     public string version;
     public int status;
     public string client_id;
 }

You will now get the B2C application client_id as a claim in the claim bag so you can do what you want with it now