Azure AD B2C: How to reference built in claims in custom policies?

2
votes

I am writing a custom policy for AAD B2C and need to include some built-in claims (country/region, postalcode, city, address).

I've used the starter pack and noticed that even claims like e-mail are declared in the schema on TrustFrameworkBase ClaimSchema element like the sample below, some of them references a DefaultPartnerClaimTypes element by protocol:

<ClaimsSchema>
...

  <ClaimType Id="displayName">
        <DisplayName>Display Name</DisplayName>
        <DataType>string</DataType>
        <DefaultPartnerClaimTypes>
          <Protocol Name="OAuth2" PartnerClaimType="unique_name" />
          <Protocol Name="OpenIdConnect" PartnerClaimType="name" />
          <Protocol Name="SAML2" PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />
        </DefaultPartnerClaimTypes>
        <UserHelpText>Your display name.</UserHelpText>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>
...
      <ClaimType Id="email">
        <DisplayName>Email Address</DisplayName>
        <DataType>string</DataType>
        <DefaultPartnerClaimTypes>
          <Protocol Name="OpenIdConnect" PartnerClaimType="email" />
        </DefaultPartnerClaimTypes>
        <Restriction>
          <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
        </Restriction>
      </ClaimType>
...
</ClaimsSchema>

These are text typed claims and the e-mail claim for instance has a regex restriction to validate email adress, my question is regarding a country/region claims for example, which in the built in claim are enumeration restricted and presented as dropdown. Is it possible to reference it from my custom policy without defining all elements and rules? Simply reference the built-in ClaimType?

Thank you

1
azure-ad-b2c
Hi Alex, I meet the same problem as you. So what is your final decision? I also want to reuse the build-in claims contry/region in custom policy. But I don't want to list all the countries in <Restriction /> element in custom policy, do you find some other approach?PhineasJ

1 Answers

1
votes

The country claim is mapped to the country property of the user object. The country property of a user object can contain any string value.

So it's up to the policy developer to determine if the country claim should be limited to a well-known list of values or not.

If so, then you must add the <Restriction /> element to the claim type.