Azure B2C integration with IdentityServer on abp server-side Blazor app #1863 | Support

ysemykin created 3 years ago

Could you please clarify if there is a suggested implementation path for Azure B2C integration?

Thanks, Yaroslav

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

ABP Framework version: v4.4.2
UI type: Blazor
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no
Exception message and stack trace:
Steps to reproduce the issue:"

5 Answer(s)

0

maliming created 3 years ago
Support Team Fullstack Developer

hi

Did you check the Identity Server document? http://docs.identityserver.io/en/latest/topics/signin_external_providers.html

ysemykin created 3 years ago

Hi,

I have implemented steps from https://support.aspnetzero.com/QA/Questions/6525/Update-on-External-Identity-Provider-config-for-AAD-B2C-OpenID with some modifications as below and it worked but asked to enter email address after authentication.

Could you pleasae help me with following quesitons: a) Is it possible to remove email registation because email already exists in claim? b) It looks like on abp logout a user still login to B2C. What needs to be done to enable it?

         if (bool.Parse(configuration["Authentication:OpenId:IsEnabled"]))
        {
            context.Services.AddAuthentication()
                .AddOpenIdConnect(options =>
            {
                options.SignInScheme = IdentityConstants.ExternalScheme;

                options.ClientId = configuration["Authentication:OpenId:ClientId"];
                options.Authority = configuration["Authentication:OpenId:Authority"];
                options.SignedOutRedirectUri = configuration["App:SelfUrl"] + "Account/Logout";
                options.ResponseType = OpenIdConnectResponseType.IdToken;

                options.SaveTokens = true;

                options.MetadataAddress = "https://&lt;tennant&gt;.b2clogin.com/&lt;tennant&gt;.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_SignUp_SignIn";

                options.GetClaimsFromUserInfoEndpoint = true;
                options.ClaimActions.MapAll();

                var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
                if (!clientSecret.IsNullOrEmpty())
                {
                    options.ClientSecret = clientSecret;
                }

                options.Events = new OpenIdConnectEvents()
                {

                    OnTokenValidated = (context) =>
                    {

                        var email = context.Principal.FindFirstValue("emails"); //initial test:emails => email first when multiple emails
                        ClaimsIdentity claimsId = context.Principal.Identity as ClaimsIdentity;
                        claimsId?.AddClaim(new Claim(ClaimTypes.NameIdentifier, $@"{email}"));

                        return Task.FromResult(0);
                    }
                };
            });
        }

0
maliming created 3 years ago
Support Team Fullstack Developer
hi

but asked to enter email address after authentication.

Can you share some screenshots?

because email already exists in claim?

It needs the claims type is

AbpClaimTypes.Email
0
ysemykin created 3 years ago
Hi,

The first login scenario was fixed.

What about logout from B2C?

Thanks, Yaroslav
0
gterdem created 3 years ago
Senior .NET Developer
What about logout from B2C?

You can check microsoft docs about single signout behaviour.

Have an answer to this question? Log in and write your answer.