---
title: Set up sign-up and sign-in with an eBay account
titleSuffix: Azure AD B2C
description: Provide sign-up and sign-in to customers with eBay accounts in your applications using Azure Active Directory B2C.
author: garrodonnell
manager: CelesteDG
ms.service: azure-active-directory
ms.topic: how-to
ms.date: 09/16/2021
ms.author: godonnell
ms.subservice: b2c
zone_pivot_groups: b2c-policy-type
---

Set up sign-up and sign-in with an eBay account using Azure Active Directory B2C

[!INCLUDE active-directory-b2c-choose-user-flow-or-custom-policy]

::: zone pivot="b2c-user-flow"

[!INCLUDE active-directory-b2c-limited-to-custom-policy]

::: zone-end

::: zone pivot="b2c-custom-policy"

Prerequisites

[!INCLUDE active-directory-b2c-customization-prerequisites-custom-policy]

Create an eBay application

To enable sign-in for users with an eBay account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the eBay developer console. For more information, see Creating a developer account. If you don't already have an eBay developer account, sign up at https://developer.ebay.com/signin.

To create an eBay application, follow these steps:

  1. Sign in to the eBay developer console's Application Keys with your eBay developer account credentials.
  2. Enter an Application Title.
  3. Under Production, select Create a keyset.
  4. In the Confirm the Primary Contact for this Account page, provide your account details. To complete the registration process, select Continue to Create Keys.
  5. Copy the values of App ID (Client ID) and Cert ID (Client Secret). You need both to add the identity provider to your tenant.
  6. Select User Tokens, then select Get a Token from eBay via Your Application.
  7. Select Add eBay Redirect URL.
    1. Enter a valid URL for the Your privacy policy URL, for example https://www.contoso.com/privacy. The policy URL is a page you maintain to provide privacy information for your application.
    2. In the Your auth accepted URL, enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp. Replace your-tenant-name with the name of your tenant, and your-domain-name with your custom domain.
  8. Select Save.

Create a policy key

You need to store the client secret that you previously recorded as a policy key in your Azure AD B2C tenant.

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
  3. Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C.
  4. On the Overview page, select Identity Experience Framework.
  5. Select Policy Keys and then select Add.
  6. For Options, choose Manual.
  7. Enter a Name for the policy key. For example, eBaySecret. The prefix B2C_1A_ is added automatically to the name of your key.
  8. In Secret, enter your client secret that you previously recorded.
  9. For Key usage, select Signature.
  10. Select Create.

Configure eBay as an identity provider

To enable users to sign in using an eBay account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.

You can define an eBay account as a claims provider by adding it to the ClaimsProviders element in the extension file of your policy.

  1. Open the TrustFrameworkExtensions.xml.

  2. Find the ClaimsProviders element. If it does not exist, add it under the root element.

  3. Add a new ClaimsProvider as follows:

    <!--
    <ClaimsProviders> -->
      <ClaimsProvider>
        <Domain>ebay.com</Domain>
        <DisplayName>eBay</DisplayName>
        <TechnicalProfiles>
          <TechnicalProfile Id="eBay-OAUTH2">
            <DisplayName>eBay</DisplayName>
            <Protocol Name="OAuth2" />
            <Metadata>
              <Item Key="ProviderName">ebay.com</Item>
              <Item Key="authorization_endpoint">https://auth.ebay.com/oauth2/authorize</Item>
              <Item Key="AccessTokenEndpoint">https://api.ebay.com/identity/v1/oauth2/token</Item>
              <Item Key="ClaimsEndpoint">https://apiz.ebay.com/commerce/identity/v1/user/</Item>
              <Item Key="HttpBinding">POST</Item>
              <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
              <Item Key="token_endpoint_auth_method">client_secret_basic</Item>
              <Item Key="scope">https://api.ebay.com/oauth/api_scope/commerce.identity.readonly</Item>
              <Item Key="UsePolicyInRedirectUri">0</Item>
              <!-- Update the Client ID below to the Application ID -->
              <Item Key="client_id">Your eBay app ID</Item>
            </Metadata>
            <CryptographicKeys>
              <Key Id="client_secret" StorageReferenceId="eBaySecret"/>
            </CryptographicKeys>
            <OutputClaims>
              <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userId"/>
              <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="individualAccount.firstName"/>
              <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="individualAccount.lastName"/>
              <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username"/>
              <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>
              <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="ebay.com" AlwaysUseDefaultValue="true" />
              <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
            </OutputClaims>
            <OutputClaimsTransformations>
              <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
              <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
              <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
            </OutputClaimsTransformations>
            <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
          </TechnicalProfile>
        </TechnicalProfiles>
      </ClaimsProvider>
    <!--
    </ClaimsProviders> -->

  4. Set client_id to the application ID from the application registration.

  5. Save the file.

[!INCLUDE active-directory-b2c-add-identity-provider-to-user-journey]

<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    ...
    <ClaimsProviderSelection TargetClaimsExchangeId="eBayExchange" />
  </ClaimsProviderSelections>
  ...
</OrchestrationStep>

<OrchestrationStep Order="2" Type="ClaimsExchange">
  ...
  <ClaimsExchanges>
    <ClaimsExchange Id="eBayExchange" TechnicalProfileReferenceId="eBay-OAUTH2" />
  </ClaimsExchanges>
</OrchestrationStep>
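A pre-upload check for the configuration above, as an added example (not part of the original article or of any Microsoft tooling). It flags non-HTTPS or non-eBay endpoints, a `client_id` placeholder left in place, a client secret that is not a policy key reference, and a technical profile that no sign-in button reaches. It assumes the technical profile and the orchestration steps are in the same XML document; `lint_policy` and `named` are hypothetical names, and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the page's profile and journey wiring, trimmed, with two
# planted mistakes (http:// token endpoint, client_id placeholder left in place).
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
<TechnicalProfile Id="eBay-OAUTH2">
  <Metadata>
    <Item Key="authorization_endpoint">https://auth.ebay.com/oauth2/authorize</Item>
    <Item Key="AccessTokenEndpoint">http://api.ebay.com/identity/v1/oauth2/token</Item>
    <Item Key="ClaimsEndpoint">https://apiz.ebay.com/commerce/identity/v1/user/</Item>
    <Item Key="client_id">Your eBay app ID</Item>
  </Metadata>
  <CryptographicKeys><Key Id="client_secret" StorageReferenceId="eBaySecret"/></CryptographicKeys>
</TechnicalProfile>
<ClaimsProviderSelection TargetClaimsExchangeId="eBayExchange" />
<ClaimsExchange Id="eBayExchange" TechnicalProfileReferenceId="eBay-OAUTH2" />
</TrustFrameworkPolicy>"""

def named(root, name):
    """All elements with this local name, ignoring the policy XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def lint_policy(xml_text, profile_id="eBay-OAUTH2"):
    root, findings = ET.fromstring(xml_text), []
    tp = next((e for e in named(root, "TechnicalProfile") if e.get("Id") == profile_id), None)
    if tp is None:
        return [f"{profile_id}: technical profile not defined"]
    meta = {i.get("Key"): (i.text or "").strip() for i in named(tp, "Item")}
    for key in ("authorization_endpoint", "AccessTokenEndpoint", "ClaimsEndpoint"):
        url = urlparse(meta.get(key, ""))
        host = url.hostname or ""
        if url.scheme != "https" or not (host == "ebay.com" or host.endswith(".ebay.com")):
            findings.append(f"{key}: not an https ebay.com URL")
    if meta.get("client_id", "") in ("", "Your eBay app ID"):
        findings.append("client_id: placeholder not replaced")
    secret = next((k for k in named(tp, "Key") if k.get("Id") == "client_secret"), None)
    if secret is None or not secret.get("StorageReferenceId"):
        findings.append("client_secret: no policy key reference")
    # Wiring: a ClaimsExchange must use the profile and a selection must target it.
    exchanges = {e.get("Id") for e in named(root, "ClaimsExchange")
                 if e.get("TechnicalProfileReferenceId") == profile_id}
    targets = {s.get("TargetClaimsExchangeId") for s in named(root, "ClaimsProviderSelection")}
    if not exchanges & targets:
        findings.append(f"{profile_id}: no selection/exchange pair in the user journey")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)) or "no findings")
```

An empty list means the checks passed; run it against the file contents before uploading the policy.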

[!INCLUDE active-directory-b2c-configure-relying-party-policy]

Test your custom policy

  1. Select your relying party policy, for example B2C_1A_signup_signin.
  2. For Application, select a web application that you previously registered. The Reply URL should show https://jwt.ms.
  3. Select the Run now button.
  4. From the sign-up or sign-in page, select eBay to sign in with an eBay account.

If the sign-in process is successful, your browser is redirected to https://jwt.ms, which displays the contents of the token returned by Azure AD B2C.

Next steps

Learn how to pass Facebook token to your application.

::: zone-end