问题描述

这是一个新的B2C用户的(主要是)理论问题.

This a (mostly) theoretical question from a new B2C user.

如果我发送给RP的所有声明都可以从OIDC ClaimsProvider获得，则我似乎能够创建通过"列表.自定义策略，实际上并不需要Azure AD用户存在-令牌只是根据声明创建的.

If all of the claims I send to the RP are available from an OIDC ClaimsProvider, I seem to be able to create a "pass through" custom policy that doesn't actually require an Azure AD user to exist - token is just created from claims.

有什么方法可以破坏B2C处理?在有限的测试中，我还没有找到任何东西.对于B2C支持是否会造成长期的头痛?

Are there any ways in which this will break B2C processing? I haven’t found any during limited testing. Does it pose any long-term headaches for B2C support?

推荐答案

至少，这是意外的.这意味着您将走在一条主要依靠自己的道路上.

Well, at the very least it is unexpected. And that means you will be on a path where you are mostly on your own.

AFAIK(当然不是全部)是您从B2C(例如自助服务)中获得的收益，如果您的B2C租户中没有一组注册用户，您将无法获得.这样，我的问题便是:为什么不直接向该OIDC进行身份验证?

AFAIK (which is certainly not everything) the benefits you get from B2C, self-service for example, you will not get without having a set of registered users in your B2C tenant. And with that, my question back would be: why not authenticate to that OIDC directly ?

这篇关于从理论上讲，即使没有Azure AD用户，Azure AD B2C自定义策略也可以从社交IDP声明中生成令牌吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！