I want to generate a GUID from an Azure AD B2C custom policy every time the user logs in or signs up and return the same every time. I have seen in the Microsoft documentation that we can use a ClaimTransformer to generate a GUID, but I am not sure where to use the ClaimTransformer. Is it possible to add the GUID generation as an OrchestrationStep?
[NB: I'm new to AD B2C]
I'm not sure why you just wouldn't use the object ID for the user as this GUID? If you need to know if this was an already established session you could use the claim objectIdFromSession - referenced in the SSO docs.
I might be missing the context, but these are the elements you would need.
A new claim type to hold the GUID - Claim type doc
    <ClaimType Id="continuityGuid">
      <DisplayName>User's Continuity </DisplayName>
      <DataType>string</DataType>
      <AdminHelpText>Continuity GUID for the user.</AdminHelpText>
      <UserHelpText>Continuity GUID for the user.</UserHelpText>
    </ClaimType>
A claims transformation for creating the GUID - Claims Transformation doc
    <ClaimsTransformation Id="CP-CreateGuid" TransformationMethod="CreateRandomString">
      <InputParameters>
        <InputParameter Id="randomGeneratorType" DataType="string" Value="GUID" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="continuityGuid" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
A technical profile to execute the claims transformation - Claims transformation protocol provider doc
    <TechnicalProfile Id="Initialise-NewGuid">
      <DisplayName>Create a new guid for the user</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
      </Metadata>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="continuityGuid" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CP-CreateGuid"/>
      </OutputClaimsTransformations>
    </TechnicalProfile>
Add the orchestration step... this will be up to you where is best to place it... perhaps just before the final step - Orchestration steps doc
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid"/>
      </ClaimsExchanges>
    </OrchestrationStep>
Output the GUID in the relying party section - Relying party doc
<OutputClaim ClaimTypeReferenceId="continuityGuid" />
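
Added example, not part of the answer above and not Microsoft tooling: a small Python check that the reference ids used across the snippets above (continuityGuid, CP-CreateGuid, Initialise-NewGuid) each resolve to a definition. The `<Policy>` wrapper, the `RULES` table and the function names are assumptions made for illustration, and the check assumes everything sits in one file, whereas a real policy can inherit definitions from a base file.

```python
import xml.etree.ElementTree as ET

# Constructed fragment: the answer's elements under a hypothetical <Policy> wrapper
# (a real policy nests them in BuildingBlocks, ClaimsProviders and UserJourneys).
SAMPLE = """<Policy>
  <ClaimType Id="continuityGuid"><DataType>string</DataType></ClaimType>
  <ClaimsTransformation Id="CP-CreateGuid" TransformationMethod="CreateRandomString">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="continuityGuid" /></OutputClaims>
  </ClaimsTransformation>
  <TechnicalProfile Id="Initialise-NewGuid">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="continuityGuid" /></OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="CP-CreateGuid" />
    </OutputClaimsTransformations>
  </TechnicalProfile>
  <OrchestrationStep Order="4" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid" />
    </ClaimsExchanges>
  </OrchestrationStep>
</Policy>"""

# (element holding the reference, its attribute, element type that must define that Id)
RULES = [
    ("OutputClaim", "ClaimTypeReferenceId", "ClaimType"),
    ("OutputClaimsTransformation", "ReferenceId", "ClaimsTransformation"),
    ("ClaimsExchange", "TechnicalProfileReferenceId", "TechnicalProfile"),
]

def local(tag):
    """Drop an XML namespace prefix such as '{ns}ClaimType'."""
    return tag.rsplit("}", 1)[-1]

def dangling_references(policy_xml):
    """Return sorted (element, attribute, value) triples whose target Id is not defined."""
    root = ET.fromstring(policy_xml)
    defined = {}
    for el in root.iter():
        if "Id" in el.attrib:
            defined.setdefault(local(el.tag), set()).add(el.attrib["Id"])
    missing = set()
    for el in root.iter():
        for tag, attr, target in RULES:
            ref = el.attrib.get(attr)
            if local(el.tag) == tag and ref is not None and ref not in defined.get(target, set()):
                missing.add((tag, attr, ref))
    return sorted(missing)

if __name__ == "__main__":
    print(dangling_references(SAMPLE))  # the constructed fragment is self-consistent
```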