Hi,
It looks like the issue was resolved.
Thanks, Yaroslav
Hi, I can't share the connection string on a public board.
Hi,
Thanks, Yaroslav
Hi,
I have implemented the steps from https://support.aspnetzero.com/QA/Questions/6525/Update-on-External-Identity-Provider-config-for-AAD-B2C-OpenID with some modifications, as below, and it worked, but it asked me to enter an email address after authentication.
Could you please help me with the following questions: a) Is it possible to remove the email registration step, because the email already exists in the claim? b) It looks like on ABP logout a user is still logged in to B2C. What needs to be done to enable it?
// Usings needed by this fragment (not included in the original post).
// "IsNullOrEmpty()" on a string is the ABP extension in the System namespace.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Registers Azure AD B2C as an external OpenID Connect login for ABP.
if (bool.Parse(configuration["Authentication:OpenId:IsEnabled"]))
{
    context.Services.AddAuthentication()
        .AddOpenIdConnect(options =>
        {
            // Sign the external identity into the Identity external cookie, as ABP expects.
            options.SignInScheme = IdentityConstants.ExternalScheme;
            options.ClientId = configuration["Authentication:OpenId:ClientId"];
            options.Authority = configuration["Authentication:OpenId:Authority"];
            options.SignedOutRedirectUri = configuration["App:SelfUrl"] + "Account/Logout";
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.SaveTokens = true;
            // Policy-specific B2C metadata; <tenant> is a placeholder for the B2C tenant name.
            options.MetadataAddress = "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_SignUp_SignIn";
            options.GetClaimsFromUserInfoEndpoint = true;
            options.ClaimActions.MapAll();

            var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
            if (!clientSecret.IsNullOrEmpty())
            {
                options.ClientSecret = clientSecret;
            }

            options.Events = new OpenIdConnectEvents
            {
                // Runs after the id_token signature and issuer have been validated.
                // The lambda parameter is renamed so it does not shadow the outer "context".
                OnTokenValidated = tokenContext =>
                {
                    // Initial test: B2C sends the address in the "emails" claim; take the
                    // first one when several are present.
                    var email = tokenContext.Principal.FindFirstValue("emails");
                    var claimsId = tokenContext.Principal.Identity as ClaimsIdentity;
                    // Claim() rejects a null value, so fall back to an empty string
                    // (same result as the original $@"{email}" interpolation).
                    claimsId?.AddClaim(new Claim(ClaimTypes.NameIdentifier, email ?? string.Empty));
                    return Task.CompletedTask;
                }
            };
        });
}