Is it possible to validate the Email claim from Social Identity Providers (iDPs) using Azure B2C custom policy before creating a User in Azure AD?

闹比i 2021-01-24 02:57

The scenario is this: we have added Microsoft iDP to our app. The user can click the Microsoft Account button and use their MSA account to sign-up\sign-in.

When the use

1 Answer
  • 2021-01-24 03:08

    Yep, Note 1 I added in the question above is the way to go.

    Just tested the scenario using SelfAsserted-Social technical profile instead of LocalAccountSignUpWithLogonEmail.

    It worked and the REST API was called as expected. I can see the traces and the e-mail attempted inside the app service's log stream.

    When providing an invalid e-mail, the user is able to see the error message returned from the custom validation endpoint.

    This is the overridden\complemented technical profile that goes in TrustFrameworkExtensions.xml:

    <ClaimsProvider>
      <DisplayName>Self Asserted</DisplayName>
      <TechnicalProfiles>
    
        <TechnicalProfile Id="SelfAsserted-Social">
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="REST-ValidateEmail" />
          </ValidationTechnicalProfiles>
        </TechnicalProfile>
    
      </TechnicalProfiles>
    </ClaimsProvider>
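A sketch of the kind of endpoint a `REST-ValidateEmail` profile could call, added here as an example and not taken from the answer or its author's service. It assumes the profile posts the `email` claim as a JSON body and authenticates with an API key in an `x-api-key` header; the allowed domain, the key value and the rejection rule are constructed for illustration. A rejection uses the HTTP 409 body (`version`, `status`, `userMessage`) that B2C's RESTful provider displays on the self-asserted page.

```python
import hmac
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions for this example (constructed, not from the original answer).
ALLOWED_DOMAINS = {"contoso.example"}      # hypothetical sign-up allow-list
EXPECTED_API_KEY = "constructed-test-key"  # placeholder; load from a secret store
EMAIL_RE = re.compile(r"[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def reject(message):
    # Error contract of B2C's RESTful provider: HTTP 409 plus a JSON body
    # carrying "version", "status" and the "userMessage" shown to the user.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def validate_email_request(api_key, raw_body):
    """Return (http_status, json_body) for one validation call."""
    # Constant-time comparison; an unauthenticated caller learns nothing else.
    if not hmac.compare_digest((api_key or "").encode(), EXPECTED_API_KEY.encode()):
        return 401, {}
    try:
        email = json.loads(raw_body)["email"]
    except (ValueError, KeyError, TypeError):
        return reject("The sign-up request could not be validated.")
    match = EMAIL_RE.fullmatch(email.strip()) if isinstance(email, str) else None
    if match is None:
        return reject("The e-mail address is not valid.")
    if match.group(1).lower() not in ALLOWED_DOMAINS:
        return reject("This e-mail domain is not allowed to sign up.")
    return 200, {}  # success: B2C continues and the user object is created


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = self.headers.get("Content-Length", "0")
        raw = self.rfile.read(int(length)) if length.isdigit() else b""
        status, body = validate_email_request(self.headers.get("x-api-key"), raw)
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```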
    