Azure B2C with pre-invited users

0
votes

I maintain an app where we use Azure AD B2C to authenticate.

The flow is this:

  1. Users are invited by email
  2. They click a link to sign up using a B2C signin/signup flow
  3. They fill in their info, including email address
  4. They are redirected to our app

Now, what bothers me is that the users have to enter in their email address, even though we already know it. We just invited them using their email address.

It has been suggested that we could send people to a password reset page instead. But that doesn't seem ideal either, since they then have to verify their email address, even though we just verified it. After all, they started the flow by getting an email.

In many cases the users mis-type their email address when they are asked for it. That creates a lot of new issues, because we now have two different email addresses for the same users.

2
azureazure-ad-b2c

2 Answers

1
votes

If you want to use custom policies, you can use the flow for password reset that has:

&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer &client_assertion=JWT

This puts the email address in a JWT so the user does not have to enter it.

1
votes

Similar question already answered @ How to pass email suggestion to Azure AD B2C SignUp page. Answer https://stackoverflow.com/a/56503578/341185 describes how to send invitations.

Alternate approach using Javascript in custom policies

You can use custom policies along with Javascript to show email of the user in email address text box.

Approach: While sending invitation link, send an extra query parameter like &[email protected] and follow below steps to show this email_hint value in email address text box

Steps:

  1. Enabling Javascript in custom policies https://docs.microsoft.com/en-us/azure/active-directory-b2c/javascript-samples
  2. Change page contract to allow custom policies to run javascript https://docs.microsoft.com/en-us/azure/active-directory-b2c/page-contract
  3. Update SignupOrSignin user journey to directly take to SignUp page https://stackoverflow.com/a/56503494/341185
  4. Update your blob HTML page to read query parameters and put the value inside email textbox
var urlParams = new URLSearchParams(window.location.search);
document.getElementById("email").value = urlParams.get('email_hint');

Click here for example request

Add your comments if you still require any other kind of approach than described above to fit into your business model.