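Custom email verification in a single orchestration step of an AD B2C custom policy

Time: 2019-11-09 05:04:48

Tags: azure-ad-b2c

I have a multi-step custom policy that first collects the email from the user and sends a verification code to the user when the user clicks Continue. The journey works fine. However, the code verification happens in the next step. I need to bring the code verification into the first orchestration step. I am following the doc below to implement this journey: https://github.com/yoelhor/aadb2c-verification-code

My technical profile is as follows: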

<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-FirstStep">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <Item Key="language.button_continue">Send verification email</Item>
    <Item Key="EnforceEmailVerification">False</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
    <OutputClaim ClaimTypeReferenceId="verificationCode" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CopyEmailAsReadOnly" />
  </OutputClaimsTransformations>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-API-SendVerificationEmail" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

And the validation technical profile is as follows:

<TechnicalProfile Id="REST-API-SendVerificationEmail">
  <DisplayName>Sign-Up send link</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://myweb.azurewebsites.net/api/Identity/SendVerificationCode</Item>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <Item Key="AllowInsecureAuthInProduction">true</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="verificationCode" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
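
The REST profile above calls the code-sending endpoint with `AuthenticationType` set to `None` and `AllowInsecureAuthInProduction` set to `true`, so anyone who learns the URL can trigger verification emails. The following variant is an added example, not part of the original post or of the referenced sample; it assumes the API is configured to require HTTP Basic authentication and that two policy keys with the hypothetical names `B2C_1A_RestApiUsername` and `B2C_1A_RestApiPassword` have been created in the tenant.

```xml
<TechnicalProfile Id="REST-API-SendVerificationEmail">
  <DisplayName>Sign-Up send link</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://myweb.azurewebsites.net/api/Identity/SendVerificationCode</Item>
    <!-- Was "None": B2C now sends an Authorization: Basic header on every call -->
    <Item Key="AuthenticationType">Basic</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <!-- Was "true": with false, a production policy cannot silently fall back to unauthenticated calls -->
    <Item Key="AllowInsecureAuthInProduction">false</Item>
  </Metadata>
  <CryptographicKeys>
    <!-- Policy key names are assumptions; the Key Id values are the ones the RESTful provider expects for Basic auth -->
    <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_RestApiUsername" />
    <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_RestApiPassword" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="verificationCode" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
```

The API side must reject requests that lack the matching credentials; changing the policy alone does not protect the endpoint.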

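1 answer:

Answer 0: (score: 0)

This is currently not possible. To call the REST API, the form has to be submitted, which causes the orchestration step to complete and move on to the next one.

We will release in a few weeks how to achieve this without the need to use an external REST API to generate and verify the OTP codes. Stay tuned.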