CODEWITHSUNDEEP
azure-ad-b2c-custom-policyazure-ad-b2c
Kev
Kev

Reputation: 73

Prepopulate values on Azure b2C from the query parameters using Custom Policies

I have followed the instructions provided in Any way to provide default values for inputs in an Azure AD B2C custom policy? .

Unable to get the query parameter and save it on Azure B2C

The GivenName shows as NULL.

My technical profile looks like this:

<TechnicalProfile Id="LocalAccountSignUpWithLogonName">
    <DisplayName>Sign Up with Username</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <Item Key="LocalAccountType">Username</Item>
    <Item Key="LocalAccountProfile">true</Item>
    <Item Key="language.button_continue">Create</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item> 
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
    <InputClaim ClaimTypeReferenceId="extension_mfaByPhoneOrEmail" DefaultValue="SKIPMFA" />
    <InputClaim ClaimTypeReferenceId="givenName"  DefaultValue="{OAUTH-KV:name}"  AlwaysUseDefaultValue="true"/>
  </InputClaims>

My url: https://test.b2clogin.com/test.onmicrosoft.com/B2C_1A_SUSI_MFA_phone_or_email_New/api/CombinedSigninAndSignup/unified?local=signup&csrf_token=Vzlka1JLZVBnZ05nQytEeElZZktqWW9OUmFXbHk1SHBWMGErWVRYQ3VLTVBjaWc3OVNLYlczOEZnQXpMVmdhN2t2aVd0SWlSek5PM3dRdTY0SE9XMXc9PTsyMDIyLTAzLTIzVDIwOjM0OjEyLjgyMzAwMTFaOzZHUzk3T0pGMWJLSWxySkJOSWVVUGc9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==&tx=StateProperties=eyJUSUQiOiI1NjgzMzRmNC1iMWVkLTRlNDQtODE0Mi1mOGNjOTQ5YjgyZjEifQ&p=B2C_1A_SUSI_MFA_phone_or_email_New&name=TestAccount

Thanks

Upvotes: 7

Views: 2817

Answers (1)

David Hoerster
David Hoerster

Reputation: 28701

You need to add the query string parameter to the initial request to the /authorize endpoint when you initiate the B2C session. Instead of the URL you posted (which looks like you're adding the query string parameter to a call after the B2C session has started), if you call something like this:

https://test.b2clogin.com/test.onmicrosoft.com/B2C_1A_SUSI_MFA_phone_or_email_New/oauth2/v2.0/authorize?client_id=XXX&nonce=ABC123&redirect_uri=https://jwt.ms&...&name=TestAccount

the name query string parameter should get pulled out and you can reference it in your Technical Profile.

In a test tenant of mine, I use this URL that has a favFood query string parameter at the end:

https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/oauth2/v2.0/authorize?p=<policy_name>&client_id=<client_id>da&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login&qsFavFood=ice%20cream

And by using a Claims Resolver like you are in a Technical Profile (I'm using a ClaimsTransformationProtocolProvider instead), my response in jwt.ms shows the captured value as a claim:

{ 
 <jwt_header_stuff>
}.{
  ...
  "nonce": "defaultNonce",
  "iat": 1648236227,
  "auth_time": 1648236227,
  "reduri": "https://jwt.ms/",
  "qsFavFood": "ice cream",
  ...
}.[Signature]

Upvotes: 4

Related Questions