Azure AD B2C确实不是当前接受任何用于填充用户配置文件属性的额外查询字符串参数。您可以在Azure AD B2C UserVoice forum中提出此要求。
但是,您可以通过在使用Graph的应用程序中自己实现相同的结果。
对于您的具体示例,您需要确保您发送配置注册或注册/签名策略来发送newUser声明,然后在验证后使用该策略调用图形并进行必要的更新。
这里是你如何做到这一点的例子,假设你使用ASP.Net按this SignIn sample或this SignUp/SignIn sample,通过利用SecurityTokenValidated通知设置您的OpenIdConnectAuthenticationOptions像这样:
new OpenIdConnectAuthenticationOptions
{
// Skipping for brevity
// (...)
Notifications = new OpenIdConnectAuthenticationNotifications
{
// (...)
SecurityTokenValidated = OnSecurityTokenValidated
},
// (...)
};
而且使用在ClientCredentials流向调出该图形API进行更新,像这样:
private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
string userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
bool newUser = false;
bool.TryParse(notification.AuthenticationTicket.Identity.FindFirst("newUser")?.Value, out newUser);
if (!newUser) return;
ClientCredential credential = new ClientCredential(graphClientId, graphClientSecret);
AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/sacacorpb2c.onmicrosoft.com");
AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);
string body = "{ \"extension_e5bf5a2db0c9415cb62661a70d8f0a68_AccountId\" : \"Your_New_Value"\"}";
HttpClient http = new HttpClient();
string url = "https://graph.microsoft.com/beta/users/" + userObjectId + "/";
HttpRequestMessage request = new HttpRequestMessage(new HttpMethod("PATCH"), url)
{
Content = new StringContent(body, Encoding.UTF8, "application/json")
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await http.SendAsync(request);
return;
}
重要提示: