Dmitry Klochkov

Reputation: 2635

How to use the AdditionalRequestQueryParameters metadata param in an OAuth2 technical profile

Here in the docs https://learn.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile you can see that the OAuth2 technical profile is claimed to support AdditionalRequestQueryParameters, with the following description:

Extra request query parameters. For example, you may want to send extra parameters to your identity provider. You can include multiple parameters using comma delimiter.

I am trying to use this param to force the Google authentication page to always show the account selection view by adding this metadata param

<Item Key="AdditionalRequestQueryParameters">prompt=select_account</Item>

to my TechnicalProfile metadata:

<TechnicalProfile Id="Google-OAuth2">
  <DisplayName>Continue with google displayname Google-OAuth2</DisplayName>
  <Protocol Name="OAuth2"/>
  <Metadata>
    <Item Key="ProviderName">google</Item>
    <Item Key="authorization_endpoint">https://accounts.google.com/o/oauth2/auth</Item>
    <Item Key="AccessTokenEndpoint">https://accounts.google.com/o/oauth2/token</Item>
    <Item Key="ClaimsEndpoint">https://www.googleapis.com/oauth2/v1/userinfo</Item>
    <Item Key="scope">email profile</Item>
    <Item Key="HttpBinding">GET</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="AdditionalRequestQueryParameters">prompt=select_account</Item>
    <Item Key="client_id">mykey.apps.googleusercontent.com</Item>
  </Metadata>
</TechnicalProfile>

But this doesn't have any effect.

If I instead change authorization_endpoint to https://accounts.google.com/o/oauth2/auth?prompt=select_account, I get the required behaviour.

So my questions are:

  1. Is the AdditionalRequestQueryParameters metadata param implemented at all?
  2. If it is implemented, can it be used for the described task?

Upvotes: 0

Views: 50

Answers (1)

Dmitry Klochkov

Reputation: 2635

I found an alternative solution without using AdditionalRequestQueryParameters. Instead you can set prompt=select_account by using an InputClaim. Add this to your Google OAuth TechnicalProfile tag:

  <InputClaims>
    <InputClaim ClaimTypeReferenceId="prompt" PartnerClaimType="prompt" DefaultValue="select_account" AlwaysUseDefaultValue="true" />
  </InputClaims>

Upvotes: 1
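For readers who want to see where the pieces above fit, here is the answer's InputClaim approach placed in context. This is an added example, not code from the original question or answer. It assumes the policy's own ClaimsSchema (a ClaimTypeReferenceId must point at a declared ClaimType, otherwise policy upload fails validation), reuses the endpoint metadata from the question with a placeholder client_id, and drops the AdditionalRequestQueryParameters item since the InputClaim replaces it. The client secret key reference, output claims and session-management settings that a working Google profile also needs are not shown on this page and are omitted here as well. AlwaysUseDefaultValue="true" is what guarantees the value is sent even if a claim named prompt already carries another value in the claims bag, which matters because prompt=select_account is the control that stops a shared browser with a cached Google session from being signed in silently as the previous user.

```xml
<!-- Added example (not from the original post): the InputClaim approach in context. -->

<!-- 1. Declare the claim type. This goes inside <BuildingBlocks><ClaimsSchema> of the
        same policy file; the Id must match the ClaimTypeReferenceId used below. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="prompt">
      <DisplayName>Google prompt parameter</DisplayName>
      <DataType>string</DataType>
      <AdminHelpText>Value sent to Google as the OAuth2 'prompt' query parameter.</AdminHelpText>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<!-- 2. The technical profile from the question (inside <ClaimsProviders><ClaimsProvider>
        <TechnicalProfiles>), with the metadata item replaced by an InputClaim.
        client_id is a placeholder; secret, output claims and session management omitted. -->
<TechnicalProfile Id="Google-OAuth2">
  <DisplayName>Continue with google displayname Google-OAuth2</DisplayName>
  <Protocol Name="OAuth2"/>
  <Metadata>
    <Item Key="ProviderName">google</Item>
    <Item Key="authorization_endpoint">https://accounts.google.com/o/oauth2/auth</Item>
    <Item Key="AccessTokenEndpoint">https://accounts.google.com/o/oauth2/token</Item>
    <Item Key="ClaimsEndpoint">https://www.googleapis.com/oauth2/v1/userinfo</Item>
    <Item Key="scope">email profile</Item>
    <Item Key="HttpBinding">GET</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <!-- AdditionalRequestQueryParameters intentionally not set; the InputClaim below
         is what puts prompt=select_account on the authorization request. -->
    <Item Key="client_id">mykey.apps.googleusercontent.com</Item>
  </Metadata>
  <!-- Each InputClaim is appended to the authorization request as PartnerClaimType=value.
       AlwaysUseDefaultValue forces select_account even if 'prompt' already has a value. -->
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="prompt" PartnerClaimType="prompt"
                DefaultValue="select_account" AlwaysUseDefaultValue="true" />
  </InputClaims>
</TechnicalProfile>
```

To confirm it took effect, run the user flow with the browser's network tab open and inspect the redirect to accounts.google.com: the query string should contain prompt=select_account alongside client_id, redirect_uri, scope and state, and Google should show the account chooser even when only one account is signed in.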
