spottedmahn

Reputation: 16011

Why Does the Email Claim Need to be an Input Claim in my TechnicalProfile

I tried passing in the email claim like I've passed in other claims to a Sign-Up policy but it didn't work. I had to add it as an <InputClaim> of my Technical Profile but I don't understand why.

In the below example, I pass in email and extension_MyCustomClaim. I don't display extension_MyCustomClaim but the value is being persisted.

My Leaf Policy

<TrustFrameworkPolicy ...>
    ...
    <RelyingParty>
        <DefaultUserJourney ReferenceId="MyUserJourney" />
        <TechnicalProfile Id="PolicyProfile">
            <DisplayName>PolicyProfile</DisplayName>
            <Protocol Name="OpenIdConnect" />
            <InputTokenFormat>JWT</InputTokenFormat>
            <CryptographicKeys>
                <Key Id="client_secret" StorageReferenceId="B2C_1A_MyClientSecret" />
            </CryptographicKeys>
            <InputClaims>
                <InputClaim ClaimTypeReferenceId="extension_MyCustomClaim" />
                <InputClaim ClaimTypeReferenceId="email" />
            </InputClaims>
            ...
        </TechnicalProfile>
    </RelyingParty> 
</TrustFrameworkPolicy>

My User Journey

<UserJourney Id="MyUserJourney">
    <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange" ContentDefinitionReferenceId="api.signup-ext">
            <ClaimsExchanges>
                <ClaimsExchange Id="LocalAccountSignUp" TechnicalProfileReferenceId="LocalAccountSignUp" />
            </ClaimsExchanges>
        </OrchestrationStep>
        ...
    </OrchestrationSteps>
</UserJourney>

My Technical Profile

<TechnicalProfile Id="LocalAccountSignUp">
    <DisplayName>User ID signup with input claims</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
        ...
    </Metadata>
    <CryptographicKeys>
        ...
    </CryptographicKeys>
    <InputClaims>
        <!-- why do I have to specify this here? -->
        <!-- Other claims like extension_MyCustomClaim are -->
        <!-- not specified here but are being persisted -->
        <InputClaim ClaimTypeReferenceId="email" />
    </InputClaims>
    <OutputClaims>
        <!-- uncommenting this claim will put it on the screen.  used for debugging -->
        <!-- <OutputClaim ClaimTypeReferenceId="extension_MyCustomClaim" /> -->
    </OutputClaims>
    ...
</TechnicalProfile>

If I add extension_MyCustomClaim as an <OutputClaim> it will show up on the screen w/ the value populated. I don't have to add it as an <InputClaim>.

I'm not understanding the inconsistency here.


Update

I was wrong...

"If I add extension_MyCustomClaim as an <OutputClaim> it will show up on the screen w/ the value populated. I don't have to add it as an <InputClaim>."

is not true. The claim will show up on the screen but the value will not be populated.

Upvotes: 0

Views: 460

Answers (1)

Chris Padgett

Reputation: 14704

For a "self-asserted" technical profile, declaring <InputClaims /> enables values to be passed in to the UI form.

For example:

<InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" Required="true" />
</OutputClaims>

This declares a form field that is bound to the email claim. A default or original value (defined by <InputClaim />) is passed in and the modified or submitted value (defined by <OutputClaim />) is passed out.

Upvotes: 1
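
The binding described in the answer above can be checked mechanically across a policy file. The following is an added example, not part of the question, the answer, or any official tooling: it lists, for each self-asserted technical profile, the OutputClaim form fields that have no matching InputClaim, which per the answer receive no passed-in value. The sample policy and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the question's profile (not a full policy).
SAMPLE_POLICY = """
<TrustFrameworkPolicy>
  <TechnicalProfile Id="LocalAccountSignUp">
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="email" Required="true" />
      <OutputClaim ClaimTypeReferenceId="extension_MyCustomClaim" />
    </OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="PolicyProfile">
    <Protocol Name="OpenIdConnect" />
    <OutputClaims><OutputClaim ClaimTypeReferenceId="email" /></OutputClaims>
  </TechnicalProfile>
</TrustFrameworkPolicy>
"""

def local(tag):
    """Drop any XML namespace prefix so namespaced policy files also match."""
    return tag.rsplit("}", 1)[-1]

def claim_ids(profile, container, item):
    """ClaimTypeReferenceId values of <item> elements directly under <container>."""
    return [c.get("ClaimTypeReferenceId") for box in profile if local(box.tag) == container
            for c in box if local(c.tag) == item]

def is_self_asserted(profile):
    """True when the profile's Protocol handler is the self-asserted provider."""
    return any(local(p.tag) == "Protocol" and "SelfAssertedAttributeProvider" in p.get("Handler", "")
               for p in profile)

def fields_without_input_claim(policy_xml):
    """Map self-asserted profile Id -> output claims (form fields) with no InputClaim."""
    report = {}
    for tp in ET.fromstring(policy_xml).iter():
        if local(tp.tag) == "TechnicalProfile" and is_self_asserted(tp):
            inputs = set(claim_ids(tp, "InputClaims", "InputClaim"))
            missing = [c for c in claim_ids(tp, "OutputClaims", "OutputClaim") if c not in inputs]
            if missing:
                report[tp.get("Id")] = missing
    return report

if __name__ == "__main__":
    print(fields_without_input_claim(SAMPLE_POLICY))
```

Fields the user is expected to fill in from scratch will also appear in the report; the entries of interest are claims the relying party passes in and expects to see on the form.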
