azure-ad-b2c / samples

Azure AD B2C custom policy solutions and samples.

Example on how to use AdditionalRequestQueryParameters on OAuth2 provider #640

Closed 0Dmitry closed 1 month ago

0Dmitry commented 1 month ago

I am trying to use the AdditionalRequestQueryParameters metadata item to force Google to show the account selection page instead of using the currently logged-in account if there is only one to use. I tried this config (not working):

<ClaimsProvider>
  <Domain>google.com</Domain>
  <DisplayName>Google</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Google-OAuth2">
      <DisplayName>Google</DisplayName>
      <Protocol Name="OAuth2"/>
      <Metadata>
        <Item Key="ProviderName">google</Item>
        <Item Key="authorization_endpoint">https://accounts.google.com/o/oauth2/auth</Item>
        <Item Key="AccessTokenEndpoint">https://accounts.google.com/o/oauth2/token</Item>
        <Item Key="ClaimsEndpoint">https://www.googleapis.com/oauth2/v1/userinfo</Item>
        <Item Key="scope">email profile</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>

        <Item Key="AdditionalRequestQueryParameters">prompt=select_account</Item>

        <Item Key="client_id"><client id>.apps.googleusercontent.com</Item>
      </Metadata>

I tried to find a sample usage of that metadata attribute, but it seems there isn't any in the entire GitHub.

Any ideas on how to make it work?

jasjeetsuri commented 1 month ago

You could solve this with inputclaim instead.

0Dmitry commented 1 month ago

> You could solve this with inputclaim instead.

Yeah, I was able to pass this prompt param as an input claim like this:

<InputClaims>
  <InputClaim ClaimTypeReferenceId="prompt" PartnerClaimType="prompt" DefaultValue="select_account" AlwaysUseDefaultValue="true" />
</InputClaims>
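
A small lint for the fix in the last comment, added here as an example (not code from the thread or from the samples repository): it checks that each OAuth2 technical profile in a policy file carries the `prompt` InputClaim with the forced default, and that the claim type it references is declared. The function name, the sample policy and the assumption that the ClaimsSchema sits in the same file are mine; in a multi-file policy the claim type may be declared in a base file instead.

```python
import xml.etree.ElementTree as ET

# XML namespace of Azure AD B2C custom policy files.
NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample: the thread's InputClaim plus the ClaimType it references.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <BuildingBlocks><ClaimsSchema>
    <ClaimType Id="prompt"><DataType>string</DataType></ClaimType>
  </ClaimsSchema></BuildingBlocks>
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="Google-OAuth2">
      <Protocol Name="OAuth2"/>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="prompt" PartnerClaimType="prompt"
                    DefaultValue="select_account" AlwaysUseDefaultValue="true" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""


def check_prompt_claims(policy_xml, expected="select_account"):
    """Return {profile_id: [problems]} for each OAuth2 technical profile."""
    root = ET.fromstring(policy_xml)
    declared = {ct.get("Id") for ct in root.iterfind(".//b2c:ClaimsSchema/b2c:ClaimType", NS)}
    report = {}
    for tp in root.iterfind(".//b2c:TechnicalProfile", NS):
        proto = tp.find("b2c:Protocol", NS)
        if proto is None or proto.get("Name") != "OAuth2":
            continue
        # The claim goes to the provider under PartnerClaimType, else under its own id.
        claims = [c for c in tp.iterfind("b2c:InputClaims/b2c:InputClaim", NS)
                  if (c.get("PartnerClaimType") or c.get("ClaimTypeReferenceId")) == "prompt"]
        problems = [] if claims else ["no InputClaim mapped to 'prompt'"]
        for c in claims:
            ref = c.get("ClaimTypeReferenceId")
            if c.get("DefaultValue") != expected:
                problems.append("DefaultValue is not " + expected)
            if (c.get("AlwaysUseDefaultValue") or "").lower() != "true":
                problems.append("AlwaysUseDefaultValue is not true")
            if ref not in declared:
                problems.append("claim type '%s' not declared in ClaimsSchema" % ref)
        report[tp.get("Id")] = problems
    return report


if __name__ == "__main__":
    print(check_prompt_claims(SAMPLE_POLICY))
```

An empty problem list for a profile means the `prompt` claim is present, pinned to the expected value, and backed by a declared claim type.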