identity-experience-framework

Azure Active Directory B2C Custom Invite Policy - Passing Custom Claims Between Steps

£可爱£侵袭症+ 提交于 2019-12-23 15:40:06
问题 I have implemented an invite policy (invite users to the site by sending them an email link) via this example https://github.com/azure-ad-b2c/samples/tree/master/policies/invite I have this user journey <UserJourney Id="SignUpInvitation"> <OrchestrationSteps> <OrchestrationStep Order="1" Type="GetClaims" CpimIssuerTechnicalProfileReferenceId="IdTokenHint_ExtractClaims" /> <OrchestrationStep Order="2" Type="ClaimsExchange"> <Preconditions> <Precondition Type="ClaimsExist" ExecuteActionsIf=

Add restrictions to custom policy and make claim optional Azure B2C

风格不统一 提交于 2019-12-22 01:17:23
问题 I am trying to collect user details using LocalAccountSignUpWithLogonName custom policy.I have added <OutputClaim ClaimTypeReferenceId="email" /> to LocalAccountSignUpWithLogonName as outputclaim. I want to make the email field optional, but if user enter the email I want to enable the restrictions.Below is my email claim <ClaimType Id="email"> <DisplayName>Your Email Address</DisplayName> <DataType>string</DataType> <DefaultPartnerClaimTypes> <Protocol Name="OpenIdConnect" PartnerClaimType=

Fetch ClaimType Enumerations via REST

℡╲_俬逩灬. 提交于 2019-12-14 03:42:13
问题 We're happily enriching our claims via custom RESTful API, but is it possible to instead display the fetched claim values (comma delimetered, for example) in a drop-down and ask used to pick one? <ClaimType Id="city"> <DisplayName>city where you work</DisplayName> <DataType>string</DataType> <UserInputType>DropdownSingleSelect</UserInputType> <Restriction> <!-- FETCH THESE VIA REST --> <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" /> </Restriction> </ClaimType> 来源:

Suggest OAuth flow(grant type) or approach for below requirement

╄→尐↘猪︶ㄣ 提交于 2019-12-13 03:47:35
问题 CompanyA is integrating with CompanyB where CompanyA's users will be buying devices of CompanyB. CompanyA wants to show user's device(CompanyB) details on their app by calling CompanyB's API on each user login. CompanyA user is authenticated on CompanyA IAM. CompanyA has to call register device when user tries to add an device first time. Help me to identify the flow which i can use to query particular loggedin user's device only. Do i need to create duplicate user account on CompanyB's IAM?

500 Internal Server Error in Azure AD B2C

血红的双手。 提交于 2019-12-11 16:39:18
问题 When I try to execute my sign-up policy I'm receiving: Why ? 回答1: I was trying to display the field but I hadn't defined the <UserInputType> node. <ClaimType Id="extension_HelloWorld"> <DisplayName>Hello World</DisplayName> <DataType>string</DataType> <DefaultPartnerClaimTypes> <Protocol Name="OAuth2" PartnerClaimType="HelloWorld" /> <Protocol Name="OpenIdConnect" PartnerClaimType="HelloWorld" /> </DefaultPartnerClaimTypes> <!-- I had the following line commented out --> <!--<UserInputType

Triggering email verification

一世执手 提交于 2019-12-11 02:41:42
问题 I am using custom policies. The user journey desired is: User enters the email/password on screen 1. On successful validation of screen 1, the user is sent to screen 2. In screen 2 user has to enter a code sent to their email. (Note the user has already verified the email during sign up) I am stuck at getting 2 to work. The current policy looks like this: Step 1 outputs email claim. Step 2 takes the email claim as input. In step 2 an editable text box with email prefilled is presented. No

Azure AD B2C Multi steps custom policy

喜你入骨 提交于 2019-12-07 19:30:16
问题 We are using Azure AD B2C custom policies for our sign up process and we have multiple steps (multiple screens) before actually creating the user in Azure AD B2C using the AAD-UserWriteUsingLogonEmail technical profile. Let's say we have 3 steps defined by the following 3 technical profiles: First step: <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-FirstStep"> <DisplayName>Email signup</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers

Azure AD B2C Multi steps custom policy

只愿长相守 提交于 2019-12-05 21:07:19
We are using Azure AD B2C custom policies for our sign up process and we have multiple steps (multiple screens) before actually creating the user in Azure AD B2C using the AAD-UserWriteUsingLogonEmail technical profile. Let's say we have 3 steps defined by the following 3 technical profiles: First step: <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-FirstStep"> <DisplayName>Email signup</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> <Metadata> <Item Key=

Azure AD B2C - Refresh_Token refresh claims via REST (Identity Experience Framework)

天涯浪子 提交于 2019-12-05 02:57:09
问题 We have Azure AD B2C setup to use Identity Experience Framework, and on sign-in/sign-up a REST call is made to get extra security credential claims via an Azure Function. This works fine. When we request an Access/Id Token via Refresh_Token via Azure AD B2C it looks like we get the same token back, and it doesn't call the REST API to get the latest updated token claims. Is it possible to make change this User Journey so it does? Is there another solution to refresh token without logging in

Invalid usename or password when sigining local account with Azure AD B2C Custom Policy

若如初见. 提交于 2019-12-04 15:52:31
问题 Scenario: When I started to do a test with AAD B2C Custom policy, I used this sample: active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/ I referred to this documentation to get started. I followed those steps and changed some values in the samples and have double checked the client_id and resource_id. When I tried to run the signup or signin policy, I failed to signin with a local account with error: (Though I can signin with soical account) Invalid username or password I