我正在使用 msal.js,并希望通过 domain_hint
直接跳转到 IdP 的登录页面。在我设置 extraQueryParameters: {domain_hint: 'abc'} 之后,
msal.js 确实将 domain_hint=xyz 添加
到了查询字符串中,但它还在前面添加了 domain_hint=organizations,
导致 B2C 显示我想跳过的 IdP 选择页面。
网址
https://xyz.b2clogin.com/xyz.onmicrosoft.com/b2csignupsignin/oauth2/v2.0/authorize?response_type=id_token&scope=https%3A%2F%test.onmicrosoft.com%2Fhelloapi%2Fdemo.read%20openid%20profile&client_id=e3443e90-18bc-4a23-9982-7fd5e67ff339&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&state=11eff659-29d9-49af-80db-a7ef5bfe55ee&nonce=daeafcda-5984-468b-8796-1b2655a8599e&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.1.2&login_req=9b8396fa-6441-466d-98da-3efd87ab7d07-b2c_1_primerosignupsignin&domain_req=48e05529-88b8-40e1-825a-18c4e1077b3a&domain_hint=organizations&domain_hint=abc&client-request-id=f2e88cb1-5edb-447f-8fc3-578f69c23b4e&response_mode=fragment
index.html
<head>
<title>Calling a Web API as a user authenticated with Msal.js app</title>
<style>
.hidden {
visibility: hidden
}
.visible {
visibility: visible
}
.response {
border: solid;
border-width: thin;
background-color: azure;
padding: 2px;
}
</style>
</head>
<body>
<!-- bluebird only needed if this page needs to run on Internet Explorer -->
<!-- msal.min.js can be used in the place of msal.js; included msal.js to make debug easy -->
<!-- NOTE(review): all three scripts below are loaded from third-party hosts without an
     integrity (SRI) attribute, so the page executes whatever those hosts serve. This page
     also keeps its MSAL cache in localStorage, which any script on the page can read.
     Pin each tag with integrity="..." crossorigin="anonymous", or self-host the files. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js" class="pre"></script>
<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.js"></script>
<script src="https://code.jquery.com/jquery-3.2.1.min.js" class="pre"></script>
<h2>Getting an access token with Azure AD B2C and calling a Web API</h2>
<div>
<div id="label">Sign-in with Microsoft Azure AD B2C</div>
<button id="auth" onclick="signIn()">Login</button>
<button id="callApiButton" class="hidden" onclick="callApi()">Call Web API</button>
</div>
<pre class="response"></pre>
<script class="pre">
// Application coordinates that were registered in the B2C tenant ahead of time.
// Kept in its own <script> and declared with `var`; the main script reads
// appConfig.b2cScopes and appConfig.webApi from it.
var appConfig = {
  // Scopes requested for sign-in and token acquisition.
  // NOTE(review): the single empty string looks like a placeholder for the real
  // API scope, and no `webApi` URL is defined here — confirm before use.
  b2cScopes: [""],
};
</script>
<script>
"use strict";

// Settings handed to MSAL when the client is created.
const msalConfig = {
  auth: {
    // Application (client) ID of the app registration.
    clientId: "e3443e90-18bc-4a23-9982-7fd5e67ff339",
    // Tenant and user flow (policy) that serve the sign-in.
    authority: "https://xyz.b2clogin.com/xyz.onmicrosoft.com/B2c_SignUpSignIn",
    // Authority validation is switched off for this b2clogin.com authority.
    // With it off, the authority string above is trusted as written, so it
    // must never be built from user-controlled input.
    validateAuthority: false,
  },
  cache: {
    // Tokens are cached in localStorage: they survive tab close and are readable
    // by every script running on this origin. "sessionStorage" narrows that exposure.
    cacheLocation: "localStorage",
    storeAuthStateInCookie: true,
  },
};

// The MSAL client used by every function below.
const myMSALObj = new Msal.UserAgentApplication(msalConfig);

// Sign-in request; the response carries an idToken.
const loginRequest = {
  scopes: appConfig.b2cScopes,
  // NOTE(review): extraQueryParameters are appended to the authorize URL; they do not
  // replace a domain_hint the library adds on its own. The library-added value is
  // presumably derived from a cached account — confirm against MSAL.js 1.1.2.
  extraQueryParameters: { domain_hint: "abc" },
};

// Request used when acquiring an access token for the resource.
const tokenRequest = {
  scopes: appConfig.b2cScopes,
};
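/**
 * Signs the user in with the popup flow, then acquires a token and refreshes the UI.
 *
 * A failure anywhere in the chain (login, token acquisition, UI update) is written
 * to the on-page log instead of being rethrown.
 *
 * @returns {Promise<void>} settles once the whole chain has finished.
 */
function signIn() {
  return myMSALObj
    .loginPopup(loginRequest)
    .then(function () {
      // Returned so that a rejection from getToken/updateUI reaches the catch below
      // rather than surfacing as an unhandled rejection.
      return getToken(tokenRequest).then(updateUI);
    })
    .catch(function (error) {
      logMessage(error);
    });
}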
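/**
 * Acquires a token silently and falls back to the popup flow when that fails.
 *
 * @param {object} tokenRequest - MSAL request (scopes) for the resource.
 * @returns {Promise<object|undefined>} the MSAL token response; undefined when the
 *   popup fallback failed as well (that failure is logged, not rethrown), so callers
 *   must check the result before reading `accessToken`.
 */
function getToken(tokenRequest) {
  return myMSALObj.acquireTokenSilent(tokenRequest).catch(function () {
    console.log("aquire token popup");
    // NOTE(review): every silent failure triggers the popup, not only the ones that
    // actually require user interaction — consider inspecting the error first.
    return myMSALObj
      .acquireTokenPopup(tokenRequest)
      .catch(function (popupError) {
        // Best-effort: report the failure and resolve with undefined.
        logMessage("Failed token acquisition: " + popupError);
      });
  });
}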
/**
 * Refreshes the page after login / token acquisition: logs the signed-in user,
 * turns the login button into a logout button, greets the user and reveals the
 * "Call Web API" button.
 */
function updateUI() {
  const { name: displayName } = myMSALObj.getAccount();
  console.log(myMSALObj.getAccount());
  logMessage(`User '${displayName}' logged-in`);

  // The login button now signs the user out.
  const loginButton = document.getElementById("auth");
  loginButton.innerHTML = "logout";
  loginButton.setAttribute("onclick", "logout();");

  // Greeting is assigned through innerText, so the account name is not parsed as HTML.
  const greeting = document.getElementById("label");
  greeting.innerText = `Hello ${displayName}`;

  // Reveal the button that calls the Web API.
  const apiButton = document.getElementById("callApiButton");
  apiButton.setAttribute("class", "visible");
}
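/**
 * Acquires a token for the resource and calls the Web API with it.
 *
 * getToken may resolve without a token response when acquisition fails, so the
 * result is checked before `accessToken` is read; failures go to the on-page log.
 *
 * @returns {Promise<void>} settles once the token step has finished.
 */
function callApi() {
  return getToken(tokenRequest)
    .then(function (tokenResponse) {
      if (!tokenResponse || !tokenResponse.accessToken) {
        logMessage("No access token available; Web API not called");
        return;
      }
      callApiWithAccessToken(tokenResponse.accessToken);
    })
    .catch(function (error) {
      logMessage(error);
    });
}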
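/**
 * Calls the Web API at appConfig.webApi with the access token as a bearer credential
 * and writes the outcome to the on-page log.
 *
 * @param {string} accessToken - access token sent in the Authorization header.
 */
function callApiWithAccessToken(accessToken) {
  const apiUrl = appConfig.webApi;
  // Without an explicit URL jQuery falls back to the current page's address, which
  // would send the bearer token to this page's own origin. Refuse instead.
  if (typeof apiUrl !== "string" || apiUrl === "") {
    logMessage("Web API URL (appConfig.webApi) is not configured; request not sent");
    return;
  }

  $.ajax({
    type: "GET",
    url: apiUrl,
    headers: {
      Authorization: "Bearer " + accessToken,
    },
  })
    .done(function (data) {
      logMessage("Web APi returned:\n" + JSON.stringify(data));
    })
    .fail(function (jqXHR, textStatus) {
      logMessage("Error calling the Web api:\n" + textStatus);
    });
}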
/**
 * Signs the user out by delegating to the MSAL client.
 * Per the original note: this removes all sessions, and a full logout also needs
 * a call to the AAD endpoint.
 */
function logout() {
  const client = myMSALObj;
  client.logout();
}
/**
 * Debug helper: appends `s` on a new line to the element with class "response".
 * The text goes in as a text node, so markup inside `s` is shown literally
 * rather than parsed as HTML.
 *
 * @param {*} s - value to log; concatenated onto a leading newline.
 */
function logMessage(s) {
  const output = document.body.querySelector(".response");
  output.appendChild(document.createTextNode("\n" + s));
}
</script>
</body>
</html>