
B2C claims mapping #11766


henryand created

We are using ANZ combined Angular/Core v10.1.

I am having difficulty mapping B2C to ANZ.

The customer uses an email address to log in. Their token has it in "emails". I don't know how to map that. Can you guide me on filling out the ClaimsMapping?

  "ClaimsMapping": [
    {
      "claim": "unique_name",
      "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    }
  ]

Here is their token with most values replaced with datatypes:

  "ver": "1.0",
  "iss": "https://domain/guid/v2.0/",
  "sub": "guid",
  "aud": "guid",
  "exp": 1698154189,
  "acr": "b2c_1a_signup_signin",
  "nonce": "mixedletters",
  "iat": 1698150589,
  "auth_time": 1698150589,
  "emails": "[email protected]",
  "name": "ROCCO",
  "given_name": "rjs",
  "family_name": "Sansotta",
  "tid": "guid",
  "at_hash": "mixedletters",
  "nbf": 1698150589

This may also help:

  private getOpenIdConnectConfig(loginProvider: ExternalLoginProvider): AuthConfig {
    let authConfig = new AuthConfig();
    authConfig.loginUrl = loginProvider.additionalParams['LoginUrl'];
    authConfig.issuer = loginProvider.additionalParams['Authority'];
    //authConfig.issuer = loginProvider.additionalParams['UserInfoEndpoint'];
    authConfig.skipIssuerCheck = loginProvider.additionalParams['ValidateIssuer'] === 'false';
    authConfig.clientId = loginProvider.clientId;
    authConfig.responseType = 'id_token token';
    authConfig.redirectUri = window.location.origin + '/account/login';
    authConfig.customQueryParams = { "Abp.TenantId": '2' };
    authConfig.scope = 'openid email profile';
    authConfig.requestAccessToken = false;
    return authConfig;
  }


4 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    I assume then you can use something like this:

      "ClaimsMapping": [
        {
          "claim": "email",
          "key": "emails"
        }
      ]
    
  • henryand created

    I added your suggestion but I get "unique_name claim is missing !". I don't know if the problem is because the Key still expects email instead of emails.

      "ClaimsMapping": [
        {
          "claim": "email",
          "key": "emails"
        },
        {
          "claim": "unique_name",
          "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
        }
      ]

      Abp.UI.UserFriendlyException: unique_name claim is missing !
         at Stepwell.Web.Authentication.External.OpenIdConnectAuthProviderApi.GetUserInfo(String token) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Authentication\External\OpenIdConnectAuthProviderApi.cs:line 60
         at Stepwell.Web.Controllers.TokenAuthController.GetExternalUserInfo(ExternalAuthenticateModel model) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Controllers\TokenAuthController.cs:line 641
         at Stepwell.Web.Controllers.TokenAuthController.ExternalAuthenticate(ExternalAuthenticateModel model) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Controllers\TokenAuthController.cs:line 451

  • henryand created

    I am dead in the water not being able to access the emails value for logging in. I expect it's either a ClaimsMapping or (hopefully not) a change to OpenIdConnectAuthProviderApi code. No email address = no username = no login.

    Also, is there someplace I need to be referencing the userinfo endpoint?

  • ismcagdas created
    Support Team

    Hi,

    Then, could you try this one? If this doesn't work, please send an email to [email protected] and we will help you via remote connection.

      "ClaimsMapping": [
        {
          "claim": "email",
          "key": "emails"
        },
        {
          "claim": "unique_name",
          "key": "emails"
        }
      ]
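
Added example (not part of the thread and not the framework's own code): a small TypeScript model that runs the three ClaimsMapping configurations tried above against a constructed token and reports which required claims are still missing. It assumes `key` names a claim in the incoming token and `claim` is the name the application reads; the function names, the required-claim list and the array form of `emails` are assumptions.

```typescript
// Added example; all names here are hypothetical, not ASP.NET Zero's own code.
type ClaimValue = string | number | string[];
type Claims = Record<string, ClaimValue>;
interface ClaimMapping { claim: string; key: string; }

// A claim value may be one string (as in the token posted above) or an array
// of strings (an assumption about other tokens); use the first non-empty one.
function firstValue(value: ClaimValue | undefined): string | undefined {
  if (value === undefined) return undefined;
  const values = Array.isArray(value) ? value : [String(value)];
  return values.filter((v) => v.trim() !== "")[0];
}

// Assumption: `key` names a claim in the incoming token and `claim` is the
// name the application looks up afterwards. Unmapped claims pass through.
function mapClaims(token: Claims, mappings: ClaimMapping[]): Record<string, string> {
  const mapped: Record<string, string> = {};
  for (const claimName of Object.keys(token)) {
    const v = firstValue(token[claimName]);
    if (v !== undefined) mapped[claimName] = v;
  }
  for (const m of mappings) {
    const v = firstValue(token[m.key]);
    if (v !== undefined) mapped[m.claim] = v;
  }
  return mapped;
}

// Names from `required` that are still absent after mapping.
function missingClaims(token: Claims, mappings: ClaimMapping[], required: string[]): string[] {
  const mapped = mapClaims(token, mappings);
  return required.filter((claimName) => mapped[claimName] === undefined);
}

// Constructed token shaped like the one posted above (all values are made up).
const sampleToken: Claims = {
  sub: "00000000-0000-0000-0000-000000000000",
  emails: ["user@example.com"],
  name: "Sample User",
  exp: 1698154189,
};
const EMAIL_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
const originalMapping: ClaimMapping[] = [{ claim: "unique_name", key: EMAIL_URI }];
const firstAnswer: ClaimMapping[] = [{ claim: "email", key: "emails" }];
const lastAnswer: ClaimMapping[] = [
  { claim: "email", key: "emails" },
  { claim: "unique_name", key: "emails" },
];
const requiredClaims = ["unique_name", "email"]; // assumed required set
```

Calling `missingClaims(sampleToken, firstAnswer, requiredClaims)` still reports `unique_name`, matching the error in the second reply; only the last mapping leaves nothing missing.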