I have the following flow for sign in / sign up, when using sign-up:
- Present user with sign up screen, allow them to enter email/password/name
- Validate input, then send email (rest api) and set verification attributes in b2c custom extension properties
User then receives email with verification link
- User clicks link from email and gets sent to a new user journey for the return trip
- New user journey gets parameters from the querystring (email + verif code)
- B2C validates the verif code + expiry
- IF user is verified, they're set as verified via custom extension attributes, then sent to the (ASP.NET MVC) application.
- Here's where I'm stuck - B2C is sending the jwt token back to the app, but the user doesn't get 'signed-in'.
Am I missing something at step 7? I don't have the "state" variable in my querystring, am I expected to build and include it somehow so that B2C and the app can communicate? I'm lost at this point. I'd post some of the b2c policy xml but not sure what would even help...
EDIT: reply to Jas:
Is that the only way (make an app call b2c for an auth request)? We have multiple apps that a user can use to sign up through b2c, so I was hoping to avoid having to make changes to each of them. Instead I was hoping that B2C could tell the app after account verification that "this user is ok".
I did previous look at https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link (written by you!), but again, was hoping I could avoid having to do that work inside of each of our apps.
Here's an example of the jwt 'id_token' I'm trying to pass to the app:
Side note: Is 'id_token' the same as 'id_token_hint'? I couldn't find whether they're the same or different when googling it.
