
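Is it possible to create a custom policy that resets the password at the member activation step without entering the activation code?

I am creating a user with the Graph API and sending an invitation email to the specified email address, with the extension_activationCode claim as the token.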

    var emailClaim = new Claim("email", email);
    var codeClaim = new Claim("extension_ActivationCode", activationCode);
    policyClaims.Add(emailClaim);
    policyClaims.Add(codeClaim);

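I want the user to click the link in that email and set a password for their account. Currently, the UI auto-populates the code and shows a Continue button for the user to click.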

    <UserJourney Id="MemberActivationDYP">
          <PreserveOriginalAssertion>false</PreserveOriginalAssertion>
          <OrchestrationSteps>           
            <OrchestrationStep Order="1" Type="ClaimsExchange" ContentDefinitionReferenceId="api.localaccount.activation">        
              <ClaimsExchanges>
                <ClaimsExchange Id="LocalAccountPasswordRecoveryVerifiedEmailExchange" TechnicalProfileReferenceId="LocalAccount-ActivationDYP" />
              </ClaimsExchanges>
            </OrchestrationStep>            
            <OrchestrationStep Order="2" Type="ClaimsExchange">
               <Preconditions>
                <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                  <Value>objectId</Value>
                  <Action>SkipThisOrchestrationStep</Action>
                </Precondition>
              </Preconditions>
              <ClaimsExchanges>
                <ClaimsExchange Id="AAD-UserReadUsingObjectIdExchange" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
              </ClaimsExchanges>
            </OrchestrationStep>

    <TechnicalProfile Id="LocalAccount-Activation">
              <DisplayName>Account Activation</DisplayName>
              <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
              <Metadata>
                <Item Key="ContentDefinitionReferenceId">api.localaccount.activation</Item>
                <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
              </Metadata>
              <CryptographicKeys>
                <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
              </CryptographicKeys>
              <IncludeInSso>false</IncludeInSso>
              <InputClaims>
                <InputClaim ClaimTypeReferenceId="email" />
                <InputClaim ClaimTypeReferenceId="extension_activationCode" />
              </InputClaims>
              <OutputClaims>
                <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" Required="true" />
                <OutputClaim ClaimTypeReferenceId="extension_activationCode" Required="true" />         
                <OutputClaim ClaimTypeReferenceId="objectId" />
                <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
                <OutputClaim ClaimTypeReferenceId="extension_isAccountActivated" />
              </OutputClaims>
              <ValidationTechnicalProfiles>
                <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
              </ValidationTechnicalProfiles>
            </TechnicalProfile>
            
            <TechnicalProfile Id="LocalAccount-ActivationDYP">
              <DisplayName>Member Portal Account Activation</DisplayName>
              <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
              <Metadata>
                <Item Key="ContentDefinitionReferenceId">api.localaccount.activation</Item>
                <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
              </Metadata>
              <CryptographicKeys>
                <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainerCRM" />
              </CryptographicKeys>
              <IncludeInSso>false</IncludeInSso>
              <InputClaims>
                <InputClaim ClaimTypeReferenceId="email" />
                <InputClaim ClaimTypeReferenceId="extension_activationCode" />
              </InputClaims>
              <OutputClaims>
                <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" Required="true" />
                <OutputClaim ClaimTypeReferenceId="extension_activationCode" Required="true" />         
                <OutputClaim ClaimTypeReferenceId="objectId" />
                <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
              </OutputClaims>
              <ValidationTechnicalProfiles>
                <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress-WithCodeDYP" />
              </ValidationTechnicalProfiles>
            </TechnicalProfile>
            <TechnicalProfile Id="AAD-UserReadUsingEmailAddress-WithCodeDYP">
              <Metadata>
                <Item Key="Operation">Read</Item>
                <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
                <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
              </Metadata>
              <IncludeInSso>false</IncludeInSso>
              <InputClaims>
                <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames" Required="true" />
                <InputClaim ClaimTypeReferenceId="extension_activationCode" Required="true" />
              </InputClaims>
              <OutputClaims>
                <!-- Required claims -->
                <OutputClaim ClaimTypeReferenceId="objectId" />
                <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
                <!-- Optional claims -->
                <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
                <OutputClaim ClaimTypeReferenceId="displayName" />
                <OutputClaim ClaimTypeReferenceId="otherMails" />
                <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
                <OutputClaim ClaimTypeReferenceId="extension_TermsOfUseConsented" />
                <OutputClaim ClaimTypeReferenceId="extension_shareDataWithTP" />
                <OutputClaim ClaimTypeReferenceId="extension_isAccountActivated" />
              </OutputClaims>
              <IncludeTechnicalProfile ReferenceId="AAD-Common" />
            </TechnicalProfile>

I want to hide the activation code step UI, but I don't want to skip this step.

Is there a way to hide this step from the user?


1 Answer


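Yes, you can do this with a magic link.

Essentially, you put the email address into a signed token to tell B2C whose password to reset.

Note that the new way of doing this is via id_token_hint.

Answered 2019-10-24T17:57:23.193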
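
The signed-token link described in the answer above, as an added example that is not code from the question or the answer. It assumes an HMAC-signed JWT built with System.IdentityModel.Tokens.Jwt; the tenant, policy name, client ID, issuer, redirect URI, 24-hour lifetime and the `MagicLink` helper names are all placeholders, and `ReadEmail` only illustrates the checks (signature, issuer, audience, expiry) that the receiving side has to make before trusting the email claim.

```csharp
// Added example: constructed values only; tenant, policy, client id and issuer are placeholders.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class MagicLink
{
    const string Issuer = "https://invites.example.com";            // assumption
    const string ClientId = "00000000-0000-0000-0000-000000000000"; // assumption: app id, used as audience
    const string Authorize = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/" +
                             "B2C_1A_EXAMPLE_POLICY/oauth2/v2.0/authorize"; // assumption

    // Sign a short-lived token that carries only the email of the account to activate.
    public static string CreateHint(string email, byte[] key, TimeSpan lifetime)
    {
        var creds = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
        var now = DateTime.UtcNow;
        var jwt = new JwtSecurityToken(Issuer, ClientId, new[] { new Claim("email", email) },
                                       now, now.Add(lifetime), creds);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Build the link that goes into the invitation email.
    public static string CreateLink(string hint, string redirectUri) =>
        Authorize + "?client_id=" + ClientId + "&response_type=id_token&scope=openid" +
        "&nonce=" + Guid.NewGuid().ToString("N") +
        "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
        "&id_token_hint=" + Uri.EscapeDataString(hint);

    // The checks the receiving side must make: signature, issuer, audience, expiry.
    public static string ReadEmail(string hint, byte[] key)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = ClientId,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ClockSkew = TimeSpan.FromMinutes(1),
        };
        // Throws a SecurityTokenException subtype if any check fails.
        new JwtSecurityTokenHandler().ValidateToken(hint, parameters, out SecurityToken validated);
        return ((JwtSecurityToken)validated).Payload["email"].ToString();
    }

    public static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32); // constructed key; keep the real one in a secret store
        var hint = CreateHint("user@example.com", key, TimeSpan.FromHours(24));
        Console.WriteLine(CreateLink(hint, "https://app.example.com/signin-oidc"));
        Console.WriteLine(ReadEmail(hint, key));
    }
}
```

Because the link alone identifies the account, the token lifetime and the secrecy of the signing key are the only things limiting who can use it.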