Add a native client application to your Azure Active Directory B2C tenant

Native client resources need to be registered in your tenant before your application can communicate with Azure Active Directory B2C.

To register an application in your Azure AD B2C tenant, you can use our new unified App registrations experience or our legacy Applications (Legacy) experience. Learn more about the new experience.

  1. Sign in to the Azure portal.
  2. Select the Directory + subscription filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
  3. In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
  4. Select App registrations, and then select New registration.
  5. Enter a Name for the application. For example, nativeapp1.
  6. Under Supported account types, select Accounts in any organizational directory or any identity provider.
  7. Under Redirect URI, use the drop-down to select Public client/native (mobile & desktop).
  8. Enter a redirect URI with a unique scheme. For example, com.onmicrosoft.contosob2c.exampleapp://oauth/redirect. There are important considerations when choosing a redirect URI:
    • Development: For development use, you can set the redirect URI to http://localhost and Azure AD B2C will respect any port in the request. If the registered URI contains a port, Azure AD B2C will use that port only. For example, if the registered redirect URI is http://localhost, the redirect URI in the request can be http://localhost:<randomport>. If the registered redirect URI is http://localhost:8080, the redirect URI in the request must be http://localhost:8080.
    • Unique: The scheme of the redirect URI must be unique for every application. In the example com.onmicrosoft.contosob2c.exampleapp://oauth/redirect, com.onmicrosoft.contosob2c.exampleapp is the scheme. This pattern should be followed. If two applications share the same scheme, the user is asked to choose an application. If the user chooses incorrectly, the sign-in fails.
    • Complete: The redirect URI must have both a scheme and a path. The path must contain at least one forward slash after the domain. For example, //oauth/ works while //oauth fails. Don't include special characters in the URI, for example, underscores.
  9. Under Permissions, select the Grant admin consent to openid and offline_access permissions check box.
  10. Select Register.
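
The redirect URI considerations in step 8 can be checked before you register the application. The following Python sketch is an added example, not Microsoft's code and not the service's own validation logic; it models the rules only as this page states them. The function names and the `schemes_in_use` inventory are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def lint_redirect_uri(uri, schemes_in_use=()):
    """Return the problems found in a candidate native-client redirect URI."""
    dev = urlsplit(uri)
    if dev.scheme == "http" and dev.hostname == "localhost":
        return []  # development registration, covered by loopback_request_matches
    scheme, sep, rest = uri.partition("://")
    if not sep or not scheme:
        return ["not of the form scheme://domain/path"]
    problems = []
    # Unique: no other application may share the scheme.
    if scheme.lower() in {s.lower() for s in schemes_in_use}:
        problems.append("scheme already used by another application")
    # Complete: at least one forward slash after the domain (//oauth/ works, //oauth fails).
    domain, slash, _ = rest.partition("/")
    if not domain or not slash:
        problems.append("no forward slash after the domain")
    # Special characters: the page names only underscores, so only those are checked.
    if "_" in uri:
        problems.append("contains an underscore")
    return problems

def loopback_request_matches(registered, requested):
    """Development rule: does a request's redirect URI fit an http://localhost registration?"""
    reg, req = urlsplit(registered), urlsplit(requested)
    if (reg.scheme, reg.hostname) != ("http", "localhost"):
        raise ValueError("rule applies only to http://localhost registrations")
    if (req.scheme, req.hostname) != ("http", "localhost"):
        return False
    # No registered port: any port in the request is respected.
    # Registered port: the request must use exactly that port.
    return reg.port is None or req.port == reg.port

if __name__ == "__main__":
    # Constructed sample values; in_use stands in for an inventory you maintain yourself.
    in_use = ["com.onmicrosoft.contosob2c.otherapp"]
    for candidate in (
        "com.onmicrosoft.contosob2c.exampleapp://oauth/redirect",
        "com.onmicrosoft.contosob2c.exampleapp://oauth",
        "com.onmicrosoft.contosob2c.otherapp://oauth/redirect",
        "com.onmicrosoft.contosob2c.example_app://oauth/redirect",
    ):
        print(candidate, "->", lint_redirect_uri(candidate, in_use) or "ok")
    for reg, req in (("http://localhost", "http://localhost:51234"),
                     ("http://localhost:8080", "http://localhost:9090")):
        print(reg, "<-", req, loopback_request_matches(reg, req))
```

The page does not describe how paths are compared for localhost URIs, so `loopback_request_matches` looks at scheme, host and port only.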