Resetting user password during registration in WingTipGames

Problem description

I'm looking at the invitation flow in WingTipGames. In step 2 of the invitation journey the comment says

The following claims exchange is executed when the user is registering a local account. It can create the user in the Azure Active Directory identity store if the user does not exist or update the password for the user in the Azure Active Directory identity store if the user does exist.

The technical profile referenced in that step is LocalAccount-Registration-VerifiedEmail here. It's not evident where a password reset is able to happen because if the account already exists an error is thrown. Am I looking at this wrong, or does the comment above mean to say a password reset could happen if a different technical profile is used...

Truth be told, I always want to force a password reset here, and never register an account: the accounts will always be pre-created in AD through Graph. Perhaps I do need to pull in something like the AAD-UserWritePasswordUsingObjectId technical profile instead...

Thanks for any input.

Tags: azure-ad-b2c

Solution


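The XML comment appears to be incorrect.

The LocalAccount-Registration-VerifiedEmail technical profile does not appear to update the password for the account if it already exists.

For your specific scenario, the LocalAccount-Registration-VerifiedEmail technical profile should reference the AAD-UserReadUsingEmailAddress and AAD-UserWritePasswordUsingObjectId validation technical profiles.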

<TechnicalProfile Id="LocalAccount-Registration-VerifiedEmail">
  ...
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateEmailFromVerifiedEmail" />
  </InputClaimsTransformations>
  ...
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ValidationTechnicalProfiles>
  ...
</TechnicalProfile>

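The AAD-UserReadUsingEmailAddress validation technical profile looks up the account by the email address that is input to the invitation journey.

The AAD-UserWritePasswordUsingObjectId validation technical profile updates the password for the account.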
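
Added example, not part of the original answer or the WingTipGames project: a small policy lint that checks the configuration described above, so the step looks up a pre-created account before writing its password. It assumes that validation technical profiles run in the order listed, that the read profile is defined in the same file and, as in the B2C starter pack, uses the `RaiseErrorIfClaimsPrincipalDoesNotExist` metadata item; the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

PROFILE = "LocalAccount-Registration-VerifiedEmail"
READ = "AAD-UserReadUsingEmailAddress"
WRITE = "AAD-UserWritePasswordUsingObjectId"

# Constructed policy fragment for the demo; not the WingTipGames file itself.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
   <Metadata>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
   </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="LocalAccount-Registration-VerifiedEmail">
   <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
   </ValidationTechnicalProfiles>
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

def _named(root, name):
    """Return descendants with the given local tag name, ignoring the XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def lint_reset_only(policy_xml):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(policy_xml)
    profiles = {e.get("Id"): e for e in _named(root, "TechnicalProfile")}
    if PROFILE not in profiles:
        return [f"{PROFILE} is not defined in this file"]
    refs = [e.get("ReferenceId")
            for e in _named(profiles[PROFILE], "ValidationTechnicalProfile")]
    problems = []
    missing = [r for r in (READ, WRITE) if r not in refs]
    if missing:
        problems.append("missing validation profile(s): " + ", ".join(missing))
    elif refs.index(READ) > refs.index(WRITE):
        problems.append(f"{READ} must run before {WRITE} so objectId is resolved first")
    # Assumption: the read profile lives in this file (it may sit in a base policy).
    items = _named(profiles[READ], "Item") if READ in profiles else []
    meta = {i.get("Key"): (i.text or "").strip().lower() for i in items}
    if meta.get("RaiseErrorIfClaimsPrincipalDoesNotExist") != "true":
        problems.append(f"{READ} does not raise an error for an unknown email address")
    return problems

if __name__ == "__main__":
    print(lint_reset_only(SAMPLE) or "OK")
```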

