All,
I'm using Azure AD B2C with custom IEF policies. Both the SignIn and SignUp Policies return the same claims.
My policies are named B2C_1A_SignIn and B2C_1A_SignUp.
If I'm doing the sign-up flow, the context.User that ends up on the WebAPI side has no email claim. If I'm doing the Sign-In flow, it has the email claim.
I've looked at all of the tokens in SessionStorage on the client side after a sign up and EVERY SINGLE JWT TOKEN there has the email claim in it.
The contents of a JWT token on the client side after sign-up are shown below:
{
  "exp": 1565283437,
  "nbf": 1565279837,
  "ver": "1.0",
  "iss": "https://**redacted**/654015a2-3419-4a3b-ac9e-84f39d106b2d/v2.0/",
  "sub": "d0d27e7a-1e82-4d77-b80d-e5462bc7ee93",
  "aud": "10896880-da14-4057-827b-886cfb847581",
  "acr": "b2c_1a_signup",
  "nonce": "08f7ed0c-8106-48ad-99f0-5891f2c22a2f",
  "iat": 1565279837,
  "auth_time": 1565279837,
  "given_name": "Michael",
  "family_name": "Gerety",
  "email": "michael@**redacted**",
  "tid": "654015a2-3419-4a3b-ac9e-84f39d106b2d"
}
Below is an instance of a JWT ID token after the SignIn flow:
{
  "exp": 1565284448,
  "nbf": 1565280848,
  "ver": "1.0",
  "iss": "https://*redacted*.b2clogin.com/654015a2-3419-4a3b-ac9e-84f39d106b2d/v2.0/",
  "sub": "d0d27e7a-1e82-4d77-b80d-e5462bc7ee93",
  "aud": "10896880-da14-4057-827b-886cfb847581",
  "acr": "b2c_1a_signin",
  "nonce": "1fd749b2-bdbd-4491-a98e-b42dc5949e40",
  "iat": 1565280848,
  "auth_time": 1565280848,
  "signInName": "michael@*redacted*",
  "given_name": "Michael",
  "family_name": "Gerety",
  "tid": "654015a2-3419-4a3b-ac9e-84f39d106b2d"
}
Interestingly enough, the signInName claim seems to come through in the sign-in flow. That claim does not exist in the sign-up flow.
On the server side, it's configured as below:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(jwtOptions =>
    {
        // Authority is the metadata endpoint of one specific policy (the SignIn policy);
        // the handler fetches issuer and signing keys from there.
        jwtOptions.Authority = $"https://**redacted**.b2clogin.com/{Configuration["B2CTenant"]}/{Configuration["B2CSignInPolicyTest"]}/v2.0";
        jwtOptions.Audience = Configuration["B2CBuilderPortalAPIClientId"];
        jwtOptions.Events = new JwtBearerEvents
        {
            // Also accept the bearer token from ?accessToken=... on GET requests,
            // in addition to the Authorization header.
            OnMessageReceived = ctx =>
            {
                if (ctx.Request.Method.Equals("GET") && ctx.Request.Query.ContainsKey("accessToken"))
                    ctx.Token = ctx.Request.Query["accessToken"];
                return Task.CompletedTask;
            },
            OnAuthenticationFailed = AuthenticationFailed
        };
    });
Any suggestions?
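A diagnostic worth wiring in on the API side before changing the policies, as an added example that is not code from the post above: an OnTokenValidated handler that logs which claim types the raw JWT carried and which ones actually ended up on the ClaimsPrincipal the controller sees as context.User. The two sets differ because the JwtBearer handler renames well-known short JWT claim names through JwtSecurityTokenHandler.DefaultInboundClaimTypeMap (for instance "email" becomes ClaimTypes.Email, the long schemas.xmlsoap.org URI), so a lookup for the literal "email" type fails even when the token contains it. The class, method and logger-category names are my own; the code assumes the same Microsoft.AspNetCore.Authentication.JwtBearer package the post's configuration uses.

```csharp
// Added diagnostic (not from the original post). Assumes ASP.NET Core with the
// Microsoft.AspNetCore.Authentication.JwtBearer package. Class, method and
// logger-category names are assumptions made for this example.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.JsonWebTokens;

public static class ClaimDiagnostics
{
    // The JwtBearer handler runs incoming claim types through
    // JwtSecurityTokenHandler.DefaultInboundClaimTypeMap. Short JWT names such as
    // "email" are replaced on the ClaimsPrincipal by ClaimTypes.Email
    // ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
    // so principal.FindFirst("email") is null even when the token carried the claim.
    public static string MappedClaimType(string jwtClaimName) =>
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.TryGetValue(jwtClaimName, out var mapped)
            ? mapped
            : jwtClaimName;

    // Claim types present in the raw token but absent from the principal, and the
    // reverse. A renamed claim shows up once in each list (short name / long URI).
    public static (List<string> OnlyInToken, List<string> OnlyOnPrincipal) Diff(
        IEnumerable<Claim> rawClaims, ClaimsPrincipal principal)
    {
        var tokenTypes = new HashSet<string>(rawClaims.Select(c => c.Type), StringComparer.Ordinal);
        var principalTypes = new HashSet<string>(principal.Claims.Select(c => c.Type), StringComparer.Ordinal);
        return (tokenTypes.Except(principalTypes).OrderBy(t => t).ToList(),
                principalTypes.Except(tokenTypes).OrderBy(t => t).ToList());
    }

    // Hook for JwtBearerEvents.OnTokenValidated. Logs acr (which policy issued the
    // token), the raw claim names, and the diff against the principal's claim names.
    public static Task LogClaims(TokenValidatedContext ctx)
    {
        // Older handlers hand back a JwtSecurityToken; .NET 8+ uses JsonWebToken
        // unless UseSecurityTokenValidators is set. Both expose the raw claims.
        IEnumerable<Claim> rawClaims = ctx.SecurityToken switch
        {
            JwtSecurityToken jwt => jwt.Claims,
            JsonWebToken jwt => jwt.Claims,
            _ => null
        };
        if (rawClaims == null)
            return Task.CompletedTask;

        var logger = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("B2C.ClaimDiagnostics");

        var acr = rawClaims.FirstOrDefault(c => c.Type == "acr")?.Value ?? "(none)";
        var (onlyInToken, onlyOnPrincipal) = Diff(rawClaims, ctx.Principal);

        logger.LogInformation(
            "acr={Acr} raw_claims=[{Raw}] only_in_token=[{Token}] only_on_principal=[{Principal}]",
            acr,
            string.Join(",", rawClaims.Select(c => c.Type)),
            string.Join(",", onlyInToken),
            string.Join(",", onlyOnPrincipal));

        // This is the type a controller has to ask for to read the e-mail address
        // after inbound mapping.
        var email = ctx.Principal.FindFirst(MappedClaimType("email"))?.Value;
        logger.LogInformation("email on principal: {Email}", email ?? "(missing)");
        return Task.CompletedTask;
    }

    // Attach alongside the existing OnMessageReceived / OnAuthenticationFailed handlers.
    public static void AttachTo(JwtBearerOptions jwtOptions)
    {
        jwtOptions.Events = jwtOptions.Events ?? new JwtBearerEvents();
        jwtOptions.Events.OnTokenValidated = LogClaims;
    }
}
```

Call ClaimDiagnostics.AttachTo(jwtOptions) inside the AddJwtBearer lambda, then run one request from each flow and compare the two log lines: the acr value confirms which policy issued the token the API actually received (the ID token inspected in SessionStorage may not be the one sent as the bearer), and the only_in_token / only_on_principal lists show whether a claim was dropped or merely renamed by the inbound mapping.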