Tutorial: Create user flows in Azure Active Directory B2C

In your applications you may have user flows that enable users to sign up, sign in, or manage their profile. You can create multiple user flows of different types in your Azure Active Directory B2C (Azure AD B2C) tenant and use them in your applications as needed. User flows can be reused across applications.

In this article, you learn how to:

  • Create a sign-up and sign-in user flow
  • Create a profile editing user flow
  • Create a password reset user flow

This tutorial shows you how to create some recommended user flows by using the Azure portal. If you're looking for information about how to set up a resource owner password credentials (ROPC) flow in your application, see Configure the resource owner password credentials flow in Azure AD B2C.

If you don't have an Azure subscription, create a trial account before you begin.

Prerequisites

Register your applications that are part of the user flows you want to create.

Create a sign-up and sign-in user flow

The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context.

  1. Sign in to the Azure portal.

  2. Select the Directory + Subscription icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.

    B2C tenant, Directory and Subscription pane in the Azure portal

  3. In the Azure portal, search for and select Azure AD B2C.

  4. Under Policies, select User flows (policies), and then select New user flow.

    User flows page in the portal with the New user flow button highlighted

  5. On the Recommended tab, select the Sign up and sign in user flow.

    Select a user flow page with the Sign up and sign in flow highlighted

  6. Enter a Name for the user flow. For example, signupsignin1.

  7. For Identity providers, select Email signup.

    Create user flow page in the Azure portal with properties highlighted

  8. For User attributes and claims, choose the claims and attributes that you want to collect and send from the user during sign-up. For example, select Show more, and then choose attributes and claims for Country/Region, Display Name, and Postal Code. Click OK.

    Attributes and claims selection page with three claims selected

  9. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.

  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.

  3. Click Run user flow, and then select Sign up now.

    Run user flow page in the portal with the Run user flow button highlighted

  4. Enter a valid email address, click Send verification code, enter the verification code that you receive, then select Verify code.

  5. Enter a new password and confirm the password.

  6. Select your country and region, enter the name that you want displayed, enter a postal code, and then click Create. The token is returned to https://jwt.ms and should be displayed to you.

  7. You can now run the user flow again and you should be able to sign in with the account that you created. The returned token includes the claims that you selected of country/region, name, and postal code.
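The check performed by eye on https://jwt.ms in the test steps above can also be scripted. The following is an added example, not part of the original tutorial or Microsoft's code: it decodes a token's payload and reports whether it names the expected user flow and carries the selected claims. The claim names (tfp, acr, country, name, postalCode), the underscore after B2C_1, and the sample token are assumptions; the signature is not verified here, so an application must still validate it against the tenant's signing keys before trusting any claim.

```python
import base64
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "c2ln"])

def decode_payload(token: str) -> dict:
    """Decode the payload only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_user_flow_token(token, flow_name, expected_claims, now=None):
    """Return a list of problems; an empty list means the claims match."""
    claims = decode_payload(token)
    now = time.time() if now is None else now
    problems = []
    # Assumption: the flow name is carried in "tfp" (or "acr" on older setups).
    policy = str(claims.get("tfp") or claims.get("acr") or "")
    expected = "B2C_1_" + flow_name  # portal prefix; "_" separator assumed
    if policy.lower() != expected.lower():
        problems.append(f"policy is {policy!r}, expected {expected!r}")
    for name in expected_claims:
        if name not in claims:
            problems.append(f"missing claim: {name}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    return problems

# Constructed sample values; claim names are assumed, not taken from the page.
SAMPLE = make_sample_token({
    "tfp": "B2C_1_signupsignin1", "exp": 2000000000,
    "name": "Test User", "country": "Contoso Land", "postalCode": "00000",
})

if __name__ == "__main__":
    print(check_user_flow_token(SAMPLE, "signupsignin1",
                                ["country", "name", "postalCode"]))
```

Checking the policy claim matters once several user flows exist in one tenant: a token issued by the password reset or profile editing flow should not be accepted where the application expects a sign-in token.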

Create a profile editing user flow

If you want to enable users to edit their profile in your application, you use a profile editing user flow.

  1. In the menu of the Azure AD B2C tenant overview page, select User flows (policies), and then select New user flow.
  2. Select the Profile editing user flow on the Recommended tab.
  3. Enter a Name for the user flow. For example, profileediting1.
  4. For Identity providers, select Local Account SignIn.
  5. For User attributes, choose the attributes that you want the customer to be able to edit in their profile. For example, select Show more, and then choose both attributes and claims for Display name and Job title. Click OK.
  6. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.
  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  3. Click Run user flow, and then sign in with the account that you previously created.
  4. You now have the opportunity to change the display name and job title for the user. Click Continue. The token is returned to https://jwt.ms and should be displayed to you.

Create a password reset user flow

To enable users of your application to reset their password, you use a password reset user flow.

  1. In the Azure AD B2C tenant overview menu, select User flows (policies), and then select New user flow.
  2. Select the Password reset user flow on the Recommended tab.
  3. Enter a Name for the user flow. For example, passwordreset1.
  4. For Identity providers, enable Reset password using email address.
  5. Under Application claims, click Show more and choose the claims that you want returned in the authorization tokens sent back to your application. For example, select User's Object ID.
  6. Click OK.
  7. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.
  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  3. Click Run user flow, verify the email address of the account that you previously created, and select Continue.
  4. You now have the opportunity to change the password for the user. Change the password and select Continue. The token is returned to https://jwt.ms and should be displayed to you.

Next steps

In this article, you learned how to:

  • Create a sign-up and sign-in user flow
  • Create a profile editing user flow
  • Create a password reset user flow