Skip to content

identity-provider-weibo.md

Latest commit

 

History

History
221 lines (176 loc) · 11.2 KB

identity-provider-weibo.md

File metadata and controls

221 lines (176 loc) · 11.2 KB
title Set up sign-up and sign-in with a Weibo account
titleSuffix Azure AD B2C
description Provide sign-up and sign-in to customers with Weibo accounts in your applications using Azure Active Directory B2C.
author garrodonnell
manager CelesteDG
ms.service azure-active-directory
ms.topic how-to
ms.date 09/16/2021
ms.author godonnell
ms.subservice b2c
zone_pivot_groups b2c-policy-type

Set up sign-up and sign-in with a Weibo account using Azure Active Directory B2C

[!INCLUDE active-directory-b2c-end-of-sale-notice-b]

[!INCLUDE active-directory-b2c-choose-user-flow-or-custom-policy]

::: zone pivot="b2c-user-flow"

[!INCLUDE active-directory-b2c-public-preview]

::: zone-end

Prerequisites

[!INCLUDE active-directory-b2c-customization-prerequisites]

Create a Weibo application

To enable sign-in for users with a Weibo account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in Weibo developer portal. If you don't already have a Weibo account, you can sign up at https://weibo.com.

  1. Sign in to the Weibo developer portal with your Weibo account credentials.
  2. After signing in, select your display name in the top-right corner.
  3. In the dropdown, select 编辑开发者信息 (edit developer information).
  4. Enter the required information and select 提交 (submit).
  5. Complete the email verification process.
  6. Go to the identity verification page.
  7. Enter the required information and select 提交 (submit).

Register a Weibo application

  1. Go to the new Weibo app registration page.
  2. Enter the necessary application information.
  3. Select 创建 (create).
  4. Copy the values of App Key and App Secret. You need both of these to add the identity provider to your tenant.
  5. Upload the required photos and enter the necessary information.
  6. Select 保存以上信息 (save).
  7. Select 高级信息 (advanced information).
  8. Select 编辑 (edit) next to the field for OAuth2.0 授权设置 (redirect URL).
  9. For the OAuth2.0 授权设置 (redirect URL), enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp. Replace your-tenant-name with the name of your tenant, and your-domain-name with your custom domain.
  10. Select 提交 (submit).

::: zone pivot="b2c-user-flow"

Configure Weibo as an identity provider

  1. Sign in to the Azure portal with an account that has at least External Identity Provider Administrator privileges.
  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
  3. Choose All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
  4. Select Identity providers, then select Weibo (Preview).
  5. Enter a Name. For example, Weibo.
  6. For the Client ID, enter the App Key of the Weibo application that you created earlier.
  7. For the Client secret, enter the App Secret that you recorded.
  8. Select Save.

Add Weibo identity provider to a user flow

  1. In your Azure AD B2C tenant, select User flows.
  2. Click the user flow that you want to add the Weibo identity provider.
  3. Under the Social identity providers, select Weibo.
  4. Select Save.
  5. To test your policy, select Run user flow.
  6. For Application, select the web application named testapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  7. Select the Run user flow button.
  8. From the sign-up or sign-in page, select Weibo to sign in with Weibo account.

If the sign-in process is successful, your browser is redirected to https://jwt.ms, which displays the contents of the token returned by Azure AD B2C.

::: zone-end

::: zone pivot="b2c-custom-policy"

Create a policy key

You need to store the client secret that you previously recorded in your Azure AD B2C tenant.

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
  3. Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C.
  4. On the Overview page, select Identity Experience Framework.
  5. Select Policy Keys and then select Add.
  6. For Options, choose Manual.
  7. Enter a Name for the policy key. For example, WeiboSecret. The prefix B2C_1A_ is added automatically to the name of your key.
  8. In Secret, enter your client secret that you previously recorded.
  9. For Key usage, select Signature.
  10. Click Create.

Configure Weibo as an identity provider

To enable users to sign in using a Weibo account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.

You can define a Weibo account as a claims provider by adding it to the ClaimsProviders element in the extension file of your policy.

  1. Open the TrustFrameworkExtensions.xml.

  2. Find the ClaimsProviders element. If it does not exist, add it under the root element.

  3. Add a new ClaimsProvider as follows:

    <ClaimsProvider>
  <Domain>weibo.com</Domain>
  <DisplayName>Weibo (Preview)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Weibo-OAuth2">
      <DisplayName>Weibo</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">weibo</Item>
        <Item Key="authorization_endpoint">https://api.weibo.com/oauth2/authorize</Item>
        <Item Key="AccessTokenEndpoint">https://api.weibo.com/oauth2/access_token</Item>
        <Item Key="ClaimsEndpoint">https://api.weibo.com/2/account/get_uid.json</Item>
        <Item Key="scope">email</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="external_user_identity_claim_id">uid</Item>
        <Item Key="client_id">Your Weibo application ID</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_WeiboSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="numericUserId" PartnerClaimType="uid" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="weibo.com" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="displayName" DefaultValue="Weibo User" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="UserId" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateIssuerUserId" />
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
<ClaimsProvider>

  4. Set client_id to the application ID from the application registration.

  5. Save the file.

Add the claims transformations

The GitHub technical profile requires the CreateIssuerUserId claim transformations to be added to the list of ClaimsTransformations. If you don't have a ClaimsTransformations element defined in your file, add the parent XML elements as shown below. The claims transformations also need a new claim type defined named numericUserId.

  1. Search for the BuildingBlocks element. If the element doesn't exist, add it.
  2. Locate the ClaimsSchema element. If the element doesn't exist, add it.
  3. Add the numericUserId claim to the ClaimsSchema element.
  4. Locate the ClaimsTransformations element. If the element doesn't exist, add it.
  5. Add the CreateIssuerUserId claims transformations to the ClaimsTransformations element.
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="numericUserId">
      <DisplayName>Numeric user Identifier</DisplayName>
      <DataType>long</DataType>
    </ClaimType>
  </ClaimsSchema>
  <ClaimsTransformations>
    <ClaimsTransformation Id="CreateIssuerUserId" TransformationMethod="ConvertNumberToStringClaim">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="numericUserId" TransformationClaimType="inputClaim" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

[!INCLUDE active-directory-b2c-add-identity-provider-to-user-journey]

<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    ...
    <ClaimsProviderSelection TargetClaimsExchangeId="WeiboExchange" />
  </ClaimsProviderSelections>
  ...
</OrchestrationStep>

<OrchestrationStep Order="2" Type="ClaimsExchange">
  ...
  <ClaimsExchanges>
    <ClaimsExchange Id="WeiboExchange" TechnicalProfileReferenceId="Weibo-OAuth2" />
  </ClaimsExchanges>
</OrchestrationStep>

[!INCLUDE active-directory-b2c-configure-relying-party-policy]

Test your custom policy

  1. Select your relying party policy, for example B2C_1A_signup_signin.
  2. For Application, select a web application that you previously registered. The Reply URL should show https://jwt.ms.
  3. Select the Run now button.
  4. From the sign-up or sign-in page, select Weibo to sign in with Weibo account.

If the sign-in process is successful, your browser is redirected to https://jwt.ms, which displays the contents of the token returned by Azure AD B2C.

::: zone-end