identity-experience-framework

Identity Experience Framework - getting the email claim with a multi-tenant Azure AD custom policy

帅比萌擦擦* Submitted on 2021-02-11 15:24:47
Question: I've followed the instructions here to set up the Azure AD multi-tenant custom policy in the Identity Experience Framework: https://docs.microsoft.com/en-gb/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications However, I'm unable to get a claim back containing the email address (corresponding to the "user name" from the external active directory). The main single-tenant active directory setup works fine, when I use this claim mapping (and the other "social"

How to Enable Email Verification in Azure AD B2C

人走茶凉 Submitted on 2021-02-10 06:56:16
Question: How do I enable email verification in B2C w/ custom policies? In an attempt to reverse engineer it, I tried disabling it in a built-in policy and downloaded the policy. I tried adding that metadata item to my self-asserted technical profile, but that didn't work. Reverse Engineer Test | Built-In Policy <TechnicalProfile Id="SelfAsserted-Input"> <Metadata> <Item Key="EnforceEmailVerification">False</Item> </Metadata> </TechnicalProfile> My Self-Asserted Technical Profile <TechnicalProfile Id=

OAUTH-KV Claims Resolver in AAD B2C does not work

巧了我就是萌 Submitted on 2021-02-07 03:20:59
Question: I am trying to use the OAUTH-KV Claims Resolver to extract the value of a parameter named foo passed to an AAD B2C custom policy authorize endpoint as a claim, also named foo. The foo ClaimType is defined as <ClaimType Id="foo"> <DisplayName>Foo debug claim</DisplayName> <DataType>string</DataType> <UserInputType>TextBox</UserInputType> </ClaimType> and the TechnicalProfile as <TechnicalProfile Id="LocalAccount-Register"> <DisplayName>Register</DisplayName> <Protocol Name="Proprietary"

How to prevent Login in AD B2C based on an extension claim type using custom policies

余生颓废 Submitted on 2021-02-05 09:52:26
Question: I have an extension claim type, say extension_isEmailVerified. I want to block a user from logging in based on the value of this claim type. If it is true then the user can log in, and if false then I need to show an error message on the login page that the email is not verified. <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email"> <DisplayName>Local Account Signin</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0

Client Credential Grant Type Not Supported with a Custom B2C Policy

安稳与你 Submitted on 2020-06-13 04:05:02
Question: I am trying to generate an access token from our policy, but I am getting this error: AADB2C90086: The supplied grant_type [client_credentials] is not supported. This is a sample Postman request POST /{tenant}/oauth2/token?p=B2C_1A_SignUpOrSignInWithAAD HTTP/1.1 Host: login.microsoftonline.com Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache grant_type=client_credentials&client_id={client_id}&resource=https%3A%2F%2F{app_url}&client_secret={client_secret} but it works

Email verification box disappears when passing email from Facebook as input claim to self-asserted profile

我只是一个虾纸丫 Submitted on 2020-05-16 03:12:53
Question: We want to force users to provide and verify their email address even when they reject passing their email claim from Facebook. We created an orchestration step which calls the following technical profile after coming back from Facebook: <TechnicalProfile Id="SelfAsserted-ConfirmEmailSocial"> <DisplayName>Confirm email social</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken

How to get login_hint working with social IDP using custom policy

青春壹個敷衍的年華 Submitted on 2020-01-16 00:45:02
Question: We are using a custom SignIn/SignUp policy, with Facebook, LinkedIn, Twitter and Google+ configured as social IDPs. We have built a custom page where we ask the user for their email and then redirect them to the particular IDP page (we have logic built around this) using domain_hint, for example: domain_hint=facebook.com. I want to pass the email address entered by the user in the first step in login_hint along with domain_hint so that the user doesn't have to enter the email once again when

Azure AD B2C Password Reset policy without email verification step

强颜欢笑 Submitted on 2020-01-01 12:15:50
Question: Is it possible to create a custom policy to reset the password for an already known email? I create the user using the Graph API and send an invitation email to the specified email address. I want the user to click on the link in that email and just set the password for his account. I can create a signed token with this email claim and send it as an assertion to my custom policy, so the policy gets the email as an input claim. I see it in the trace. But I am not able to bypass the email verification step in the password reset journey - when I