在Azure AD B2C中将instagram添加为身份提供者

时间:2019-01-30 23:44:09

标签: azure-ad-b2c

我试图将instagram添加为身份提供者,但是我遇到了一个问题,即Azure AD B2C无法在JSON响应中识别instagram用户的ID。调用instagram的self端点后,这是我得到的响应:

{
"data": {
    "id": "4835453534",
    "username": "myUsername",
    "profile_picture": "https://profilepic.jpg",
    "full_name": "",
    "bio": "",
    "website": "",
    "is_business": false,
    "counts": {
        "media": 0,
        "follows": 10,
        "followed_by": 100
    }
},
"meta": {
    "code": 200
}

1 个答案:

答案 0 :(得分:1)

您注意到,instagram的回复并不典型。有关用户的数据嵌套在“数据”对象中。为了提取值,您需要使用声明转换。

这就是最终的技术资料-

  <ClaimsProvider>
<Domain>instagram.com</Domain>
<DisplayName>instagram</DisplayName>
<TechnicalProfiles>
  <TechnicalProfile Id="Instagram-OAUTH">
    <DisplayName>Instagram</DisplayName>
    <Protocol Name="OAuth2" />
    <Metadata>
      <Item Key="ProviderName">instagram</Item>
      <Item Key="authorization_endpoint">https://api.instagram.com/oauth/authorize</Item>
      <Item Key="AccessTokenEndpoint">https://api.instagram.com/oauth/access_token</Item>
      <Item Key="ClaimsEndpoint">https://api.instagram.com/v1/users/self</Item>
      <Item Key="scope">basic</Item>
      <Item Key="HttpBinding">POST</Item>
      <Item Key="UsePolicyInRedirectUri">0</Item>
      <Item Key="client_id">YOUR CLIENT ID HERE</Item>
      <Item Key="response_types">code</Item>
    </Metadata>
    <CryptographicKeys>
      <Key Id="client_secret" StorageReferenceId="B2C_1A_InstagramSecret" />
    </CryptographicKeys>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="instagramData" PartnerClaimType="data"/>
      <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="instagram.com" />
      <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
    </OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="ExtractIDFromResponse" />
      <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
      <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
      <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
    </OutputClaimsTransformations>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
  </TechnicalProfile>
</TechnicalProfiles>

在此技术资料中,您将注意到“ ExtractIDFromResponse”转换。这需要添加,并且应如下所示:

  <ClaimsTransformation Id="ExtractIDFromResponse" TransformationMethod="GetClaimFromJson">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="instagramData" TransformationClaimType="inputJson" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="claimToExtract" DataType="string" Value="id" />
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="socialIdpUserId" TransformationClaimType="extractedClaim" />
    </OutputClaims>
  </ClaimsTransformation>

您还需要为数据创建声明类型,如下所示:

  <ClaimType Id="instagramData">
    <DisplayName>data</DisplayName>
    <DataType>string</DataType>
    <AdminHelpText>data object from Instagram</AdminHelpText>
    <UserHelpText>data object from Instagram</UserHelpText>
  </ClaimType

因此,实质上,发生的步骤是:

  1. B2C从Instagram获取JSON响应
  2. B2C将响应中的“ data”对象映射到“ instagramData”
  3. 运行声明转换,该声明转换从输入(instagramData)中提取“ id”,并将其保存到socialIdpUserId声明中。

为了保存其他变量,例如full_name,需要相应地添加另一个ClaimsTransformation