我希望允许用户使用 Google、Facebook 和 Microsoft 帐户以及他们的本地帐户进行身份验证。通过将一个用户旅程添加到 TrustFrameworkBase 并将一个用户旅程添加到 TrustFrameworkExtensions,我可以添加 2 个社交身份提供者。对于这两个旅程,UserJourney Id="SignUpOrSignIn"。因为他们都有相同的 ID,所以我不允许为我的社交身份提供者添加另一个 UserJourney。我该如何解决这个问题?
【问题讨论】:
标签: azure azure-active-directory azure-ad-b2c
您可以将多个社交身份提供者添加到the SignUpOrSignIn user journey,如下所示:
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange" />
<ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
<ClaimsProviderSelection TargetClaimsExchangeId="MicrosoftAccountExchange" />
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH" />
<ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
<ClaimsExchange Id="MicrosoftAccountExchange" TechnicalProfileReferenceId="MSA-OIDC" />
<ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
</ClaimsExchanges>
</OrchestrationStep>
有关 Google-OAUTH 技术配置文件的信息,请参阅here。
有关 MSA-OIDC 技术简介的信息,请参阅here。
【讨论】: