1
votes

Is there a way to suggest the signup email in a custom policy? I have users that need to sign up only from invitational emails.

I saw in the docs (https://docs.microsoft.com/bs-latn-ba/azure/active-directory-b2c/direct-signin) that there is a way to suggest the login email in a custom policy Sign In by passing it as the login_hint parameter in the request and adding DefaultValue="{OIDC:LoginHint}" in the XML definition for the "SelfAsserted-LocalAccountSignin-Email" TechnicalProfile. This works for Sign In but fails when I try to use the same trick in "LocalAccountSignUpWithLogonEmail".

2 Answers

1
votes

As @chris-padgett mentioned, you can create an invitation link.

The WingTip Games Application uses client_assertion to pass JSON to the User Journey but this approach has been deprecated: see B2C Documentation.

The recommended way is to pass JSON to the user journey, using id_token_hint.

You can find more information in this GitHub repo: SignUp with email invitation.

  1. The application generates a sign-in invitation link (with an id_token_hint).
  2. The user clicks on the link, which takes the user to the Azure AD B2C policy.
  3. Azure AD B2C validates the input id_token_hint and asks the user to provide the password and user data (the email is read-only).
  4. The user clicks continue; Azure AD B2C creates the account, issues an access token, and redirects the user back to the application.
1
votes

For a code example for invitations, see the Wingtip Games application, which generates an invitation link that contains:

  • The e-mail address of the invited user
  • An invitation expiration, and
  • An HMAC-based signature

When the invitation link is opened, this application validates the HMAC-based signature and the invitation expiration and, if they are valid, then it redirects the invited user to an invitation policy.

This policy redirection contains a signed JWT with the email address of the invited user so that they must register with this email address.
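As an added example (not the Wingtip Games application's own code), here is how an invitation link of the kind described in this answer can be built and validated: an HMAC-SHA256 signature over the invitee's e-mail and the expiry, checked with a constant-time comparison before the expiry value is trusted. The secret, time-to-live and endpoint URL are assumed placeholders; the signed JWT handed to the B2C policy afterwards is not shown.

```python
# Added example (not the Wingtip Games code): invitation link carrying the
# invitee's e-mail, an expiry, and an HMAC-SHA256 signature over both, plus
# the validation the application performs before redirecting to the
# B2C invitation policy.
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values: in practice the secret comes from a secure store and the
# route is whatever the application exposes.
INVITE_SECRET = b"constructed-demo-secret-replace-me"
INVITE_TTL_SECONDS = 7 * 24 * 3600
INVITE_ENDPOINT = "https://app.example.com/invitation/accept"


def _signature(email: str, expires: int) -> str:
    # Sign the canonical "email|expires" string so neither field can be
    # altered without invalidating the signature.
    msg = f"{email.lower()}|{expires}".encode()
    digest = hmac.new(INVITE_SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def create_invitation_link(email: str, now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    expires = now + INVITE_TTL_SECONDS
    query = urlencode({"email": email, "exp": expires,
                       "sig": _signature(email, expires)})
    return f"{INVITE_ENDPOINT}?{query}"


def validate_invitation_link(link: str, now: Optional[int] = None) -> Optional[str]:
    """Return the invited e-mail if signature and expiry are valid, else None."""
    now = int(time.time()) if now is None else now
    params = parse_qs(urlparse(link).query)
    try:
        email = params["email"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, IndexError, ValueError):
        return None
    # Constant-time comparison; verify the signature before trusting "exp".
    if not hmac.compare_digest(sig, _signature(email, expires)):
        return None
    if now >= expires:
        return None
    return email.lower()
```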