azure-ad-b2c - Resetting user password during registration in WingTipGames
Problem description
I'm looking at the invitation flow in WingTipGames. In step 2 of the invitation journey the comment says:
"The following claims exchange is executed when the user is registering a local account. It can create the user in the Azure Active Directory identity store if the user does not exist or update the password for the user in the Azure Active Directory identity store if the user does exist."
The technical profile referenced in that step is LocalAccount-Registration-VerifiedEmail here. It's not evident where a password reset is able to happen because if the account already exists an error is thrown. Am I looking at this wrong, or does the comment above mean to say a password reset could happen if a different technical profile is used...
Truth be told, I always want to force a password reset here, and never register an account: the accounts will always be pre-created in AD through Graph. Perhaps I do need to pull in something like the AAD-UserWritePasswordUsingObjectId technical profile instead...
Thanks for any input.
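Solution
The XML comment appears to be incorrect.
The LocalAccount-Registration-VerifiedEmail technical profile does not appear to update the account's password if the account already exists.
For your specific scenario, the LocalAccount-Registration-VerifiedEmail technical profile should reference the AAD-UserReadUsingEmailAddress and AAD-UserWritePasswordUsingObjectId validation technical profiles.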
<TechnicalProfile Id="LocalAccount-Registration-VerifiedEmail">
  ...
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateEmailFromVerifiedEmail" />
  </InputClaimsTransformations>
  ...
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ValidationTechnicalProfiles>
  ...
</TechnicalProfile>
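The AAD-UserReadUsingEmailAddress validation technical profile looks up the account by the email address entered into the invitation journey.
The AAD-UserWritePasswordUsingObjectId validation technical profile updates the account's password.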
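A way to check the ordering the answer relies on, added here as an example and not taken from the answer or from WingTipGames: the script walks a profile's validation technical profiles in order and reports any required input claim that no earlier validation profile outputs. The policy fragment is constructed and trimmed, the function name unmet_inputs is hypothetical, and claims already in the claims bag from earlier steps and IncludeTechnicalProfile inheritance are not modelled.

```python
import xml.etree.ElementTree as ET

# Namespace used by Azure AD B2C custom policy (TrustFrameworkPolicy) files.
NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed, trimmed policy fragment; only the elements the check reads are kept.
SAMPLE_POLICY = """\
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
   <Metadata><Item Key="Operation">Read</Item></Metadata>
   <OutputClaims><OutputClaim ClaimTypeReferenceId="objectId" /></OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="AAD-UserWritePasswordUsingObjectId">
   <Metadata><Item Key="Operation">Write</Item></Metadata>
   <InputClaims><InputClaim ClaimTypeReferenceId="objectId" Required="true" /></InputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="LocalAccount-Registration-VerifiedEmail">
   <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
   </ValidationTechnicalProfiles>
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""


def unmet_inputs(policy_xml, profile_id):
    """Return (validation_profile, claim) pairs whose required input claim
    is not output by any validation technical profile that runs before it."""
    root = ET.fromstring(policy_xml)
    profiles = {tp.get("Id"): tp for tp in root.iterfind(".//p:TechnicalProfile", NS)}
    available, problems = set(), []
    # Validation technical profiles run in document order, so walk them in that order.
    for ref in profiles[profile_id].iterfind(
            "p:ValidationTechnicalProfiles/p:ValidationTechnicalProfile", NS):
        vtp = profiles[ref.get("ReferenceId")]
        for claim in vtp.iterfind("p:InputClaims/p:InputClaim", NS):
            name = claim.get("ClaimTypeReferenceId")
            if claim.get("Required") == "true" and name not in available:
                problems.append((vtp.get("Id"), name))
        # Claims this profile outputs become available to the ones after it.
        available.update(c.get("ClaimTypeReferenceId")
                         for c in vtp.iterfind("p:OutputClaims/p:OutputClaim", NS))
    return problems


if __name__ == "__main__":
    print(unmet_inputs(SAMPLE_POLICY, "LocalAccount-Registration-VerifiedEmail"))
```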