Is it possible to validate the Email claim from Social Identity Providers (iDPs) using Azure B2C custom policy before creating a User in Azure AD?

Question

The scenario is this: we have added Microsoft iDP to our app. The user can click the Microsoft Account button and use their MSA account to sign-up\\sign-in.

When the use

Answer 1

Yep, Note 1 I added in the question above is the way to go.

Just tested the scenario using SelfAsserted-Social technical profile instead of LocalAccountSignUpWithLogonEmail.

It worked and the rest API was called as expected. I can see the traces and the e-mail attempted inside the app service's log stream.

When providing an invalid e-mail, the user is able to see the error message returned from the custom validation endpoint.

This is the overridden\complemented technical profile that goes in TrustFrameworkExtensions.xml:

  Self Asserted