Our client wanted to change the Facebook application on our B2C tenant. I updated the custom policy, but when a user logs in with his Facebook account that is already registered in our tenant, it creates a new object-id on B2C. Is there a way to update the Facebook application (client id and secret) in my custom policy and prevent the Facebook users from generating new object ids in my tenant?
1 Answer
In your updated Facebook-OAUTH TechnicalProfile, did you happen to use a different DefaultValue for the identityProvider OutputClaim? If that value is different, the alternativeSecurityId claim that is generated for a Facebook user will be different as well, resulting in a new directory user.
If you follow the logic of the CreateAlternativeSecurityId output claims transformation, you'll see that it ends up using the CreateAlternativeSecurityId TransformationMethod to build the alternativeSecurityId claim, so you get something like this.
{ "issuer": "facebook.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw" }
That alternativeSecurityId claim is used later in your SignUpOrSignIn UserJourney to read an existing user from the directory. If it can't find a user with the same generated alternativeSecurityId, it will write a new user with that ID.
If you query the AAD Graph API for your Facebook users, you should see that they have different values (a different issuer) for the userIdentities property, where the collection of alternativeSecurityId claims from B2C is stored for a user.
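To make the answer's point concrete, here is an added Python model (not code from the question, the answer, or Azure AD B2C itself) of how the alternativeSecurityId is built and then matched against the directory. It assumes that issuerUserId is the Base64 of the Facebook user id, which is what the sample claim in the answer decodes to, and it uses a constructed one-user directory.

```python
import base64

# Constructed sample directory. Each user carries the identities B2C stores in
# userIdentities; the issuerUserId below is the one quoted in the answer and
# decodes to the Facebook user id "108146082927052563270".
DIRECTORY = [
    {
        "objectId": "00000000-0000-0000-0000-000000000001",  # constructed
        "userIdentities": [
            {"issuer": "facebook.com", "issuerUserId": "MTA4MTQ2MDgyOTI3MDUyNTYzMjcw"}
        ],
    },
]


def create_alternative_security_id(identity_provider: str, key: str) -> dict:
    """Model of the CreateAlternativeSecurityId transformation: the issuer is the
    identityProvider claim value, the issuerUserId is Base64(key). (Assumption
    based on the sample claim; B2C's own implementation is not on this page.)"""
    issuer_user_id = base64.b64encode(key.encode("utf-8")).decode("ascii")
    return {"issuer": identity_provider, "issuerUserId": issuer_user_id}


def decode_issuer_user_id(alt_id: dict) -> str:
    """Recover the provider's user id from an alternativeSecurityId."""
    return base64.b64decode(alt_id["issuerUserId"]).decode("utf-8")


def find_user(directory: list, alt_id: dict):
    """Look up a user by exact alternativeSecurityId match, the way the
    SignUpOrSignIn journey reads the directory before writing a new user."""
    for user in directory:
        if alt_id in user["userIdentities"]:
            return user
    return None


def sign_in_outcome(identity_provider: str, facebook_user_id: str) -> str:
    """'existing' when the generated id matches a stored identity, otherwise
    'new user', which is the duplicate object-id symptom from the question."""
    alt_id = create_alternative_security_id(identity_provider, facebook_user_id)
    return "existing" if find_user(DIRECTORY, alt_id) else "new user"


if __name__ == "__main__":
    fb_id = "108146082927052563270"
    # Same Facebook account, two different identityProvider DefaultValues:
    print(sign_in_outcome("facebook.com", fb_id))  # existing
    print(sign_in_outcome("facebook", fb_id))      # new user
```

The second call shows why only the issuer string, not the Facebook app's client id or secret, decides whether an existing directory user is found.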