1
votes

I have an Azure AD B2C tenant set up with a signin/signup policy which includes sign up attributes of Email Address and Postal Code.

When anyone accesses any URL in the API secured by that tenant, they get the nice Default Signin/Signup screen, and if they are signing up, there is a text box where they can enter their postcode.

My question is, is there an equivalent Default Profile Edit page where a user can see/edit their Profile (which would consist of email + postal code only [although I believe that, based on Can we change email address of user from "Profile editing policies" in Azure AD B2C?, actually email wouldn't be editable, so let's say just Postal Code])?

Is there a way for users to "log in" and see/edit their profile via a default profile edit screen, and if so, what is the URL for that? https://login.microsoftonline.com/static//somthing?

Or can the user's profile editing only be done via either a Page UI Customization or via a separate web page plus Graph API calls only?

2 Answers

1
votes

As per the sign-up or sign-in policy, you can create a profile editing policy, which enables an end user to view and edit the profile attributes for their local account.

The end user can't edit their e-mail address via this profile editing policy.

You can otherwise implement the profile editing UI and integrate through the Graph API to get and set the profile attributes for the local account.

2
votes

OK, I think I've answered my own question here. I now see that on the Profile Editing Policy blade, there is a Run Now endpoint:

https://login.microsoftonline.com/yourtenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_EditProfilePolicyOrWhateverYourEditPolicyIsCalled&client_id=your-application-id-guid&nonce=defaultNonce

When I run that endpoint, I get a very basic editing screen showing the Profile attributes.

This is the kind of thing I was driving at in my question.

Also, not sure how I didn't previously see https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-quickstarts-web-app

It has lots of information and in the "test drive an Azure AD B2C Web app" section shows what I need to know pretty much exactly.

Finally, this document https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc#send-a-sign-out-request has a lot of information including how to log out:

GET https://login.microsoftonline.com/fabrikamb2c.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1_sign_in&post_logout_redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
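An added example, not part of either answer or of Microsoft's documentation: building the profile-edit and sign-out URLs shown above from an application, with a fresh random `nonce` and `state` per request instead of the portal's `defaultNonce`, and checking both on the callback. The function names, the `id_token`/`form_post` response settings and the redirect URI are assumptions; tenant, policy and client ID are the caller's own values.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"  # host used in the answer above


def build_profile_edit_request(tenant, policy, client_id, redirect_uri):
    """Return (url, state, nonce); store state and nonce in the user's session."""
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # echoed back as a claim inside the id_token
    query = urlencode({
        "p": policy,                   # the profile editing policy name
        "client_id": client_id,
        "response_type": "id_token",   # assumption: app receives an ID token directly
        "response_mode": "form_post",
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}", state, nonce


def build_logout_url(tenant, policy, post_logout_redirect_uri):
    """Sign-out request in the form quoted from the OIDC reference above."""
    query = urlencode({"p": policy,
                       "post_logout_redirect_uri": post_logout_redirect_uri})
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/logout?{query}"


def callback_matches_request(returned_state, id_token, expected_state, expected_nonce):
    """Check state and nonce only. Signature, issuer, audience and expiry must
    still be validated with a JWT library before the token is trusted."""
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        return False
    try:
        payload = id_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return False
    if not isinstance(claims, dict):
        return False
    return hmac.compare_digest(str(claims.get("nonce", "")).encode(),
                               expected_nonce.encode())
```

The caller keeps `state` and `nonce` server-side (for example in the session) and rejects any callback for which `callback_matches_request` returns `False`.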