Open Closed

Azure B2C integration with IdentityServer on abp server-side Blazor app #1863


User avatar
0
ysemykin created

Could you please clarify if there is a suggested implementation path for Azure B2C integration?

Thanks, Yaroslav

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v4.4.2
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Did you check the Identity Server document? http://docs.identityserver.io/en/latest/topics/signin_external_providers.html

  • User Avatar
    0
    ysemykin created

    Hi,

    I have implemented steps from https://support.aspnetzero.com/QA/Questions/6525/Update-on-External-Identity-Provider-config-for-AAD-B2C-OpenID with some modifications as below and it worked but asked to enter email address after authentication.

    Could you pleasae help me with following quesitons: a) Is it possible to remove email registation because email already exists in claim? b) It looks like on abp logout a user still login to B2C. What needs to be done to enable it?

             if (bool.Parse(configuration["Authentication:OpenId:IsEnabled"]))
            {
                context.Services.AddAuthentication()
                    .AddOpenIdConnect(options =>
                {
                    options.SignInScheme = IdentityConstants.ExternalScheme;
    
                    options.ClientId = configuration["Authentication:OpenId:ClientId"];
                    options.Authority = configuration["Authentication:OpenId:Authority"];
                    options.SignedOutRedirectUri = configuration["App:SelfUrl"] + "Account/Logout";
                    options.ResponseType = OpenIdConnectResponseType.IdToken;
    
                    options.SaveTokens = true;
    
                    options.MetadataAddress = "https://<tennant>.b2clogin.com/<tennant>.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_SignUp_SignIn";
    
                    options.GetClaimsFromUserInfoEndpoint = true;
                    options.ClaimActions.MapAll();
    
                    var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
                    if (!clientSecret.IsNullOrEmpty())
                    {
                        options.ClientSecret = clientSecret;
                    }
    
                    options.Events = new OpenIdConnectEvents()
                    {
    
                        OnTokenValidated = (context) =>
                        {
    
                            var email = context.Principal.FindFirstValue("emails"); //initial test:emails => email first when multiple emails
                            ClaimsIdentity claimsId = context.Principal.Identity as ClaimsIdentity;
                            claimsId?.AddClaim(new Claim(ClaimTypes.NameIdentifier, $@"{email}"));
    
                            return Task.FromResult(0);
                        }
                    };
                });
            }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but asked to enter email address after authentication.

    Can you share some screenshots?

    because email already exists in claim?

    It needs the claims type is

    AbpClaimTypes.Email
    
  • User Avatar
    0
    ysemykin created

    Hi,

    1. The first login scenario was fixed.
    2. What about logout from B2C?

    Thanks, Yaroslav

  • User Avatar
    0
    gterdem created
    Senior .NET Developer
    1. What about logout from B2C?

    You can check microsoft docs about single signout behaviour.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09