Email verification box disappears when passing email from Facebook as input claim to self-asserted profile
We want to force users to provide and verify their email address even when they reject passing their email claim from Facebook.
We created an orchestration step which calls the following technical profile after coming back from Facebook:
<TechnicalProfile Id="SelfAsserted-ConfirmEmailSocial">
<DisplayName>Confirm email social</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
</OutputClaims>
</TechnicalProfile>
If the user rejects the facebook setting, the code works as expected: The verification control is shown. However, if the user accepts the facebook setting, both the input field and the verification control disappear. (And the email gets pre-populated)
(Someone explains here stack overflow that the control is too dumb to realize that you want to verify the input claim https://stackoverflow.com/a/44429492/509464) but we haven't been able to get the suggested solution to work.
How can we force validation of emails provided in a previous orchestration step?
Update: It seems we could create a workaround by making the input claim read-only somehow. (But only if it was empty).
Yes the only option is making it read only, since otherwise we assume the passed in email is already verified, which it is with Facebook. If you change the email, then you must verify it. You could modify the JavaScript/css to show the controls. Or in the custom policy, use an input claim transform to copy the email claim into a new read-only claim id. Then pre-populate the form using input claim. Then display the claim using output claim.
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- How do I programmatically clear or update a phone number for Azure AD B2C MFA?
- B2C - How to override sign up now link (custom policy)
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- B2C Sign-up screen shows {OIDC:LoginHint} instead of the login
- During signIn receiving B2C error code ‘AADB2C99059’
- Azure B2C / WPF - Handling a failed MFA verification flow
- Assign B2C User to ExternalAzureAD identity
- AADB2C90304: User journey went into a bad state. Claims exchange with id 'LocalAccountSigninEmailExchange' could not be found in orchestration step
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Sign in to Azure B2C with an OpenID account (Microsoft Work email) but prevent user from signing up
- Azure b2c still authenticated after hitting logout
- Can Azure AD B2C send extension attributes without the extension prefix on a SAML token in a SAML IdP-initiated SSO flow?
- Azure B2C Signup page
- Azure B2C integration not working on app built using pwabuilder for iOS
- Azure AD B2C problem with Self-Service password reset
- use of b2clogin.com when acquiring token with Client Credential Grant Flow
- Azure B2C does not receive script information written in HTML files uploaded to storage
- Azure B2C: Edit Profile via a single page
- Azure b2c cutom policy signin validation profile
- Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
- Azure Active Directory B2C: How to query MS Graph to get a user's alternative security ID?
- Did B2C user creation defaults change regarding password reset?
- Refresh Tokens and MicrosoftIdentityWebApp
- ADB2C Social Log in - what is the difference between alternateSecurityId and userIdentity?
- To allow external client application users to access B2C Integrated client website
- Correlation failed in asp.net core
- Custom attribute as stringCollection on Azure AD B2C
- How to get detailed exception in Azure B2C Custom policy by Correlation ID?
- Authenticating with Azure AD B2C Issue