0

I've created a simple Blazor server application linking to an Azure B2C directory for authorization. Everything works, but I need to add additional role claims to the token. Research has pointed me to this SO post, which refers to adding the claims during the AuthorizationCodeReceived notification (example here).

I understand what I need to do, but the example is using OpenIdConnectAuthentication (from Microsoft.Owin.Security.OpenIdConnect) instead of Blazor server's Microsoft.AspNetCore.Authentication.AzureADB2C.UI.

How can I still access and amend the claims in the token once it's received? Is such a thing supported in Microsoft.AspNetCore.Authentication.AzureADB2C.UI, or should I be switching to OpenId?

Below is the boilerplate included in a basic Blazor server application but the AzureADB2COptions are all just string config values.

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
            .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

        services.AddRazorPages();
        services.AddServerSideBlazor().AddCircuitOptions(o =>
        {
            if (_environment.IsDevelopment()) //only add details when debugging
            {
                o.DetailedErrors = true;
            }
        });

        // remaining service configuration
    }
MoSlo
  • Related question + answer: https://stackoverflow.com/questions/61488529/azureadb2c-ui-access-to-openidconnectevents-ontokenvalidated – bob Apr 29 '20 at 20:26

1 Answer

1

You can try to override the specific schema after AddAzureADB2C, then register your events like:

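    // Place after AddAzureADB2C(...) in ConfigureServices.
    // Requires: using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
    {
        options.ResponseType = "code";
        options.Events = new OpenIdConnectEvents
        {
            OnAuthorizationCodeReceived = async ctx =>
            {
                // ... (elided in the original answer)
            },
        };
    });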

Use options.ResponseType = "code" to trigger the access token exchange, otherwise OnAuthorizationCodeReceived won't fire. You can follow the code sample from here; that code sample doesn't directly use the library, but has the same logic as Microsoft.AspNetCore.Authentication.AzureADB2C.UI.

Nan Yu
  • Thanks for this! I've basically come to the realization that I'm going about this in the wrong way (ie "code flow" is not what I should be using) and your answer led me to that. – MoSlo Jan 10 '20 at 07:43
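
An added example, not from the question or the answer: the same `services.Configure<OpenIdConnectOptions>` hook used with `OnTokenValidated` (the event named in the related question linked above) to attach role claims to the signed-in principal. The roles end up in the application's local identity; the token issued by B2C itself is not changed. `IRoleLookup` and `AddLocalRoleClaims` are hypothetical names, and the code assumes the default claim mapping that exposes `sub` as `ClaimTypes.NameIdentifier`.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application service: returns the roles stored for a user id.
public interface IRoleLookup
{
    Task<IReadOnlyCollection<string>> GetRolesAsync(string userId);
}

public static class B2CRoleClaims
{
    // Call after AddAzureADB2C(...) in ConfigureServices.
    public static IServiceCollection AddLocalRoleClaims(this IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
        {
            // Chain onto the current handler rather than assigning a new
            // OpenIdConnectEvents, so handlers already set for the scheme stay in place.
            var previous = options.Events.OnTokenValidated;
            options.Events.OnTokenValidated = async ctx =>
            {
                if (previous != null) await previous(ctx);

                var identity = ctx.Principal?.Identity as ClaimsIdentity;
                // Key the lookup on the stable subject id, not on a mutable
                // attribute such as email or display name.
                var userId = ctx.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
                if (identity == null || string.IsNullOrEmpty(userId))
                {
                    ctx.Fail("Validated token has no subject identifier.");
                    return;
                }

                var lookup = ctx.HttpContext.RequestServices.GetRequiredService<IRoleLookup>();
                foreach (var role in await lookup.GetRolesAsync(userId))
                {
                    // Use the identity's own role claim type so [Authorize(Roles = ...)] matches.
                    identity.AddClaim(new Claim(identity.RoleClaimType, role));
                }
            };
        });
        return services;
    }
}
```

Because the handler runs only after the ID token has passed validation, the role lookup never sees an unverified subject; failing the sign-in when the subject is missing avoids issuing a session with no roles bound to a known user.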