Azure B2C custom policy - Is there a way to display a claim in a ClaimsProviderSelection orchestration step

Question

I am currently working with Azure B2C custom policies for my Auth flow.

I have a ClaimsProviderSelection orchestration step which shows the user two options:

1. Send code to their MFA email saved in authentication methods
2. Lost Email

What I would like to do is show the users email address through the use of a ClaimProvider in either the display text, or the button itself (see below)

If this is not possible, then I would love to be able to add a 'lost email' button on the verification control page itself - like so:

From what I have seen though, it seems this is only available with 'ForgotPasswordExchange' (as seen here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy) for passwords and not authentication methods.

---

If anyone has any experience with customizing ClaimsProviderSelection steps, or adding custom links on orchestration steps your help would be greatly appreciated!

See below for code examples:

Orchestration step:

<OrchestrationStep Order="2" Type="ClaimsProviderSelection" ContentDefinitionReferenceId='api.MFAselections' >
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>strongAuthenticationEmailAddress</Value>
      <Value>strongAuthenticationPhoneNumber</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsProviderSelections>
    <ClaimsProviderSelection TargetClaimsExchangeId="MFAVerifyEmailAddress" />
    <ClaimsProviderSelection TargetClaimsExchangeId="LostEmailExchange" />
  </ClaimsProviderSelections>
</OrchestrationStep>

Technical Profile:

<TechnicalProfile Id="MFA_VerifyEmailAddress">
  <DisplayName>SEND TO {Claim:strongAuthenticationEmailAddress} 
  </DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">MFAVerifyEmail</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
    <!-- <Item Key="setting.showContinueButton">false</Item> -->
    <Item Key="setting.showCancelButton">false</Item>
    <Item Key="UserMessageIfSessionDoesNotExist">You have exceeded the maximum time allowed.</Item>
    <Item Key="UserMessageIfMaxRetryAttempted">You have exceeded the number of retries allowed.</Item>
    <Item Key="UserMessageIfInvalidCode">You have entered the wrong code.</Item>
    <Item Key="UserMessageIfSessionConflict">Cannot verify the code, please try again later.</Item>
    </Metadata>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="MFAcomplete" DefaultValue="true" AlwaysUseDefaultValue='true'/>
    </InputClaims>
    <DisplayClaims>
      <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
    </DisplayClaims>
    <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="MFAcomplete" DefaultValue="email" AlwaysUseDefaultValue='true' />
      <OutputClaim ClaimTypeReferenceId="isLostEmail" DefaultValue="false" AlwaysUseDefaultValue='true' />
    </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

Answer 1

For anyone who is coming across this - this is what I ended up doing:

1. Add ContentDefinitionParameters with claim to UserJourneyBehaviors in your RelyingParty

<ContentDefinitionParameters> <Parameter Name="email">{Claim:maskedEmail}</Parameter> </ContentDefinitionParameters>

2. Use JS to grab email claim from source code, and insert to HTML

const parser = new URL(SETTINGS.remoteResource); let email = parser.searchParams.get('email');

Answer 2

Have you tried to do Output Claims transformation on the email, create a claim of type string, then append the email to it, in a previous step. And display that on the screen.