Azure AD B2C custom Password reset policy won't validate e-mail with + char\sign

Posted by 喜欢而已 on 2020-01-07 08:23:55

Question


The user could sign up and can sign in just fine using Azure AD B2C with an email that contains +. However, when clicking the "Forgot password" link on the sign-in page and entering their e-mail with a + char, the following error is displayed:

I saw 2 related issues on Azure's feedback site:

allow plus sign in email addresses [ there's a comment by user Naud van Onna that matches this question. ]

I've seen a successful sign-up using a '+' symbol in the email address as well. Unfortunately the password reset functionality is not working using an email address with a '+' symbol.

and

Support plus-addressing in emails, which is invaluable for testing [ this one mentions the e-mail sub-addressing feature, which describes our situation. We use the + e-mail addresses to test our application. ]

Is there any place in the custom policies .xml files where I can enter a custom regex to validate this e-mail address and allow the + sign?

I saw <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress"> in TrustFrameworkBase.xml file but I'm not sure where to modify it...

<!-- This technical profile forces the user to verify the email address that they provide on the UI. Only after email is verified, the user account is
        read from the directory. -->
        <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
.
.
.

Answer 1:


Well... after a little bit more research I found the error message "Please enter a valid e-mail address." in the email ClaimType inside TrustFrameworkBase.xml.

<ClaimType Id="email">
  <DisplayName>Email Address</DisplayName>
  <DataType>string</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="OpenIdConnect"
      PartnerClaimType="email" />
  </DefaultPartnerClaimTypes>
  <UserHelpText>Email address that can be used to contact you.</UserHelpText>
  <UserInputType>TextBox</UserInputType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"
      HelpText="Please enter a valid email address." />
  </Restriction>
</ClaimType>

This regex

^[a-zA-Z0-9.!#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$

is the one that validates the email... we just need to tweak it so that it accepts the + sign like this:

^[a-zA-Z0-9.+!#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$

Microsoft doc about ClaimsSchema.



Source: https://stackoverflow.com/questions/58646052/azure-ad-b2c-custom-password-reset-policy-wont-validate-e-mail-with-char-sign
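An added example (not part of the original question or answer): a pre-deployment check that reads the Pattern attribute out of the email ClaimType and runs it against sample addresses. It also shows what the pattern accepts if the backslash before the dot is lost. The policy fragment and addresses are constructed, and Python's re module is assumed to behave like the B2C regex engine for this pattern.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment: the email ClaimType from the answer with '+' added to
# the local-part character class. Inside an XML attribute '&' is written '&amp;'.
CLAIM_TYPE_XML = r"""
<ClaimType Id="email">
  <DataType>string</DataType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9.+!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"
             HelpText="Please enter a valid email address." />
  </Restriction>
</ClaimType>
"""

def load_pattern(claim_xml):
    """Return the regex as it reads after XML entity decoding."""
    node = ET.fromstring(claim_xml).find("./Restriction/Pattern")
    return node.get("RegularExpression")

def is_valid(pattern, address):
    return re.search(pattern, address) is not None

def check(pattern, samples):
    """Return the addresses whose accept/reject result differs from the expectation."""
    return [addr for addr, want in samples if is_valid(pattern, addr) != want]

# Constructed test addresses: (address, should_be_accepted)
SAMPLES = [
    ("user@example.com", True),
    ("user+test1@example.com", True),   # plus-addressing used for test accounts
    ("o'brien@example.co.uk", True),
    ("user+test@example!com", False),   # '!' must not pass as a domain separator
    ("user name@example.com", False),
    ("user@", False),
]

PATTERN = load_pattern(CLAIM_TYPE_XML)
# The base-policy pattern from the answer: same regex without '+' in the class
ORIGINAL = PATTERN.replace(".+!", ".!")
# Same regex with the backslash before '.' dropped: '.' then matches any character
UNESCAPED_DOT = PATTERN.replace(r"(?:\.", "(?:.")

if __name__ == "__main__":
    for name, pat in [("with +", PATTERN), ("original", ORIGINAL),
                      ("unescaped dot", UNESCAPED_DOT)]:
        print(f"{name:14} unexpected results: {check(pat, SAMPLES)}")
```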
