1

我目前正在使用带有 LinkedIn 集成的 Azure AD B2C 来登录我的应用程序。登录过程正在运行,我收到了一些关于用户的声明,例如姓名和电子邮件地址。

我想获取 LinkedIn 个人资料图片,以便在我的应用中拥有默认的个人资料图片。我尝试使用自定义策略,但我无法让它们发挥作用。我尝试编辑TrustFrameworkBase.xmlTrustFrameworkExtensions.xml,但没有任何结果。我在我的 TrustFrameworkExtensions.xml 中添加了linkedIn 作为声明提供者

 <ClaimsProvider>
  <Domain>linkedin.com</Domain>
  <DisplayName>LinkedIn</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LinkedIn-OAUTH">
      <DisplayName>LinkedIn</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">linkedin</Item>
        <Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
        <Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
        <Item Key="ClaimsEndpoint">https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,headline, picture-url)</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="ClaimsEndpointAccessTokenName">oauth2_access_token</Item>
        <Item Key="ClaimsEndpointFormatName">format</Item>
        <Item Key="ClaimsEndpointFormat">json</Item>
        <Item Key="scope">r_emailaddress r_basicprofile</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id"><CLIENT ID OF LINKEDIN APP></Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
        <!--<OutputClaim ClaimTypeReferenceId="jobTitle" PartnerClaimType="headline" />-->
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
        <OutputClaim ClaimTypeReferenceId="extension_Picture" PartnerClaimType="pictureUrl" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

我还在我的 TrustFrameworkBase.xml 中添加了这个 Claimtype

  <ClaimType Id="extension_Picture">
    <DisplayName>Picture</DisplayName>
    <DataType>string</DataType>
    <DefaultPartnerClaimTypes>
      <Protocol Name="OAuth2" PartnerClaimType="picture" />
      <Protocol Name="OpenIdConnect" PartnerClaimType="picture" />
      <Protocol Name="SAML2" PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/extension_Picture" />
    </DefaultPartnerClaimTypes>
    <UserHelpText>Your picture.</UserHelpText>
    <UserInputType>TextBox</UserInputType>
  </ClaimType>

有人知道如何在 Azure 上正确实施声明,以便我可以从linkedIn 获取个人资料图片吗?

4

1 回答 1

0

下面是我如何检索 LinkedIn 用户的图片 URL字段,然后在 ID 令牌中发出图片声明。

1:完成Azure Active Directory B2C:使用社交帐户策略之一(例如SocialAndLocalAccounts one )开始使用自定义策略步骤。

2:在扩展文件中声明图片声明:

<ClaimType Id="picture">
  <DisplayName>Picture</DisplayName>
  <DataType>string</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="OAuth2" PartnerClaimType="picture" />
    <Protocol Name="OpenIdConnect" PartnerClaimType="picture" />
  </DefaultPartnerClaimTypes>
</ClaimType>

3:将图片 URL字段添加到ClaimsEndpoint元数据项,并将图片输出声明添加到扩展文件中的LinkedIn-OAUTH技术配置文件:

<ClaimsProvider>
  <Domain>linkedin.com</Domain>
  <DisplayName>LinkedIn</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LinkedIn-OAUTH">
      <DisplayName>LinkedIn</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">linkedin</Item>
        <Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
        <Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
        <Item Key="ClaimsEndpoint">https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,picture-url)</Item>
        <Item Key="ClaimsEndpointAccessTokenName">oauth2_access_token</Item>
        <Item Key="ClaimsEndpointFormatName">format</Item>
        <Item Key="ClaimsEndpointFormat">json</Item>
        <Item Key="scope">r_emailaddress r_basicprofile</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">Your LinkedIn application client ID</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="formattedName" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
        <OutputClaim ClaimTypeReferenceId="picture" PartnerClaimType="pictureUrl" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

4:在注册或登录依赖方文件中发布图片声明:

<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="email" />
      <OutputClaim ClaimTypeReferenceId="picture" />
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
      <OutputClaim ClaimTypeReferenceId="identityProvider" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>

然后 ID 令牌会发出图片声明,例如:

"picture": "https://media.licdn.com/dms/image/C5603AQGuMHK965UNqA/profile-displayphoto-shrink_100_100/0?e=1537401600&v=beta&t=e0yFYCn0QTn-dY7FJH_YOjIUY8cumr1llEnAMUVq38g"
于 2018-07-15T02:39:10.627 回答