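Azure AD B2C indeed does not currently accept any additional query string parameters that can be used to populate user profile attributes. You can file this ask in the Azure AD B2C UserVoice forum.
However, you can achieve the same result by implementing this yourself in your application using the Graph.
For your specific example, you would want to make sure you configure the sign-up or sign-up/sign-in policy you are sending to send the newUser claim, and then, after validation, use that to call the Graph and make the necessary updates.
Here is an example of how you can do this, assuming you are using ASP.NET as per this SignIn sample or this SignUp/SignIn sample, by leveraging the SecurityTokenValidated notification when setting up your OpenIdConnectAuthenticationOptions, like so: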

    new OpenIdConnectAuthenticationOptions
    {
        // Skipping for brevity
        // (...)
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // (...)
            SecurityTokenValidated = OnSecurityTokenValidated
        },
        // (...)
    };

And using the ClientCredentials flow to call out to the Graph API to do the update, like so:
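
    // Namespaces used by this method (OpenIdConnectMessage lives in
    // Microsoft.IdentityModel.Protocols.OpenIdConnect on newer Katana versions).
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin.Security.Notifications;
    using Microsoft.Owin.Security.OpenIdConnect;

    // graphClientId and graphClientSecret are fields of the enclosing class.
    private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        // Object id of the user who just authenticated, taken from the validated token.
        string userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

        // Only update the profile when the policy reports a newly created user.
        bool newUser = false;
        bool.TryParse(notification.AuthenticationTicket.Identity.FindFirst("newUser")?.Value, out newUser);
        if (!newUser) return;

        // Acquire an app-only token for the Graph with the client credentials flow.
        ClientCredential credential = new ClientCredential(graphClientId, graphClientSecret);
        AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/sacacorpb2c.onmicrosoft.com");
        AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);

        // PATCH the extension attribute on the user object.
        string body = "{ \"extension_e5bf5a2db0c9415cb62661a70d8f0a68_AccountId\" : \"Your_New_Value\"}";
        HttpClient http = new HttpClient();
        string url = "https://graph.microsoft.com/beta/users/" + userObjectId + "/";
        HttpRequestMessage request = new HttpRequestMessage(new HttpMethod("PATCH"), url)
        {
            Content = new StringContent(body, Encoding.UTF8, "application/json")
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        HttpResponseMessage response = await http.SendAsync(request);
        return;
    }
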
Important notes:
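
Added example, not part of the original answer: one way to build the PATCH request from the snippet above when the attribute value comes from a request rather than a literal, so that neither the URL path nor the JSON body is assembled from unchecked strings. `GraphPatchBuilder`, its parameter names, the account-id format and the use of Newtonsoft.Json are assumptions; the attribute name and Graph URL are the ones shown in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using Newtonsoft.Json; // assumption: Json.NET is referenced by the project

// Hypothetical helper, added for illustration only.
public static class GraphPatchBuilder
{
    // Extension attribute name as it appears in the answer.
    private const string AccountIdAttribute =
        "extension_e5bf5a2db0c9415cb62661a70d8f0a68_AccountId";

    public static HttpRequestMessage Build(string userObjectId, string accountId, string accessToken)
    {
        // The object id becomes part of the URL path: accept only a GUID so a
        // malformed claim cannot point the PATCH at a different resource.
        Guid oid;
        if (!Guid.TryParseExact(userObjectId, "D", out oid))
            throw new ArgumentException("objectidentifier claim is not a GUID", "userObjectId");

        // Assumed format for this example: 1-64 letters, digits or hyphens.
        if (string.IsNullOrEmpty(accountId) || accountId.Length > 64)
            throw new ArgumentException("account id is empty or too long", "accountId");
        foreach (char c in accountId)
        {
            if (!char.IsLetterOrDigit(c) && c != '-')
                throw new ArgumentException("account id contains an unexpected character", "accountId");
        }

        // Serialize instead of concatenating: a quote or brace in the value
        // cannot add or override other properties in the PATCH body.
        var payload = new Dictionary<string, string> { { AccountIdAttribute, accountId } };
        string body = JsonConvert.SerializeObject(payload);

        var request = new HttpRequestMessage(
            new HttpMethod("PATCH"),
            "https://graph.microsoft.com/beta/users/" + oid.ToString("D"))
        {
            Content = new StringContent(body, Encoding.UTF8, "application/json")
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return request;
    }
}
```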