Search code examples
azure-ad-b2cazure-ad-b2c-custom-policy

Extra field on sign-in selfasserted form is not rendered

Trying to implement an invisible Recaptcha on my sign-in selfasserted form. I'm using the same technique that I did on my sign up but I noticed that my custom attribute is not rendered in the DOM and not shown (I will make this invisible). I need extension_captchaToken to be part of the DOM and have it populated by Recaptcha through JavaScript. Can you let me know why?

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin">
          <DisplayName>Local Account Signin</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
            <Item Key="setting.operatingMode">Email</Item>
            <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
          </Metadata>
          <IncludeInSso>false</IncludeInSso>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="signInName" />
          </InputClaims>
          <DisplayClaims>
            <DisplayClaim ClaimTypeReferenceId="signInName" Required="true" />
            <DisplayClaim ClaimTypeReferenceId="password" Required="true" />
            **<DisplayClaim ClaimTypeReferenceId="extension_captchaToken" Required="true" />**
          </DisplayClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
            <OutputClaim ClaimTypeReferenceId="password" Required="true" />
            **<OutputClaim ClaimTypeReferenceId="extension_captchaToken" />**
            <OutputClaim ClaimTypeReferenceId="objectId" />
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
        </TechnicalProfile>
Solution

  • If you're using a unifiedssp content definition template, or an orchestration step type of CombinedSignInOrSignUp, that will only render inputs for username/email and password.

    You could use claims resolvers to pass the extension_captchaToken claim to the site hosting your content definitions, as part of the URL. However, I think your content definition site would have to then incorporate that on its page server-side, client-side JavaScript runs on the merged B2C page not your content definition page.