
I'm trying to come up with an Azure AD B2C policy to look up the user based on the email address provided in step 1.

How do I query AAD using the self asserted email address provided and then redirect the user to the social login provider they signed up with (if any)?

I have a rough draft for the Orchestration Step:

<OrchestrationStep Order="3" Type="ClaimsExchange">
    <ClaimsExchanges>
        <ClaimsExchange Id="AAD-UserReadIssuersUsingSignInName" TechnicalProfileReferenceId="AAD-UserReadIssuersUsingSignInName" />
    </ClaimsExchanges>
</OrchestrationStep>

and for the technical profile:

<TechnicalProfile Id="AAD-UserReadIssuersUsingSignInName">
    <Metadata>
        <Item Key="Operation">Read</Item>
        <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
        <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
    </Metadata>
    <IncludeInSso>false</IncludeInSso>
    <InputClaims>
        <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" />
    </InputClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuers" />
    </OutputClaims>
    <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="AssertAccountEnabledIsTrue" />
    </OutputClaimsTransformations>
    <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>

When I upload the policy I get 1 validation error:

Validation failed: 1 validation error(s) found in policy " *** " of tenant "*** .onmicrosoft.com".Output Claim 'issuers' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadIssuersUsingSignInName' of policy ' *** '. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping.Output Claim 'issuers' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadIssuersUsingSignInName' of policy 'B2C_1A_SignUpSignInLSG_Test'. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping


1 Answer


As explained in the error message: "issuers" is not a valid Azure AD claim that you can read from the directory. You must read a supported attribute. The list of supported claims is provided on this docs page: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes

The information you are looking for can be found by reading the "alternateSecurityIds" claim. You would then need to use the GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation claim transformation in order to parse out the identity providers for that user.
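The pieces the answer describes, put together as an added example (this is not code from the question or the answer). It assumes the custom-policy starter pack spelling of the claim, alternativeSecurityIds (data type alternativeSecurityIdCollection), and a stringCollection claim named identityProviders; if your TrustFrameworkBase already declares either claim type, leave out the duplicate ClaimType element, since a repeated Id fails validation. The technical profile ID, the Order values and the social technical profile referenced in the last step are placeholders chosen for the example.

```xml
<!-- Added example: look up a user by e-mail and derive the identity providers
     attached to the account. Claim names follow the starter pack; verify them
     against your own TrustFrameworkBase before uploading. -->

<!-- 1. ClaimsSchema: declare the input collection and the derived output claim
        (omit whichever one the base policy already declares). -->
<ClaimType Id="alternativeSecurityIds">
  <DisplayName>AlternativeSecurityIds</DisplayName>
  <DataType>alternativeSecurityIdCollection</DataType>
</ClaimType>
<ClaimType Id="identityProviders">
  <DisplayName>IdentityProviders</DisplayName>
  <DataType>stringCollection</DataType>
</ClaimType>

<!-- 2. ClaimsTransformations: the transformation named in the answer turns the
        alternativeSecurityIds collection into a list of provider names. -->
<ClaimsTransformation Id="GetIdentityProvidersFromAlternativeSecurityIdCollection"
                      TransformationMethod="GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="alternativeSecurityIdCollection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="identityProviders" TransformationClaimType="identityProviders" />
  </OutputClaims>
</ClaimsTransformation>

<!-- 3. Azure AD technical profile: same lookup as the question, but the output
        claim is alternativeSecurityIds (readable) instead of issuers (rejected). -->
<TechnicalProfile Id="AAD-UserReadIdentityProvidersUsingSignInName">
  <Metadata>
    <Item Key="Operation">Read</Item>
    <!-- false: an unknown e-mail does not abort the journey; later steps
         must therefore cope with identityProviders being absent. -->
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="GetIdentityProvidersFromAlternativeSecurityIdCollection" />
  </OutputClaimsTransformations>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>

<!-- 4. User journey: run the lookup, then gate the social step on the result.
        ExecuteActionsIf="false" with ClaimsExist means "skip when the claim
        is missing", i.e. when no social provider is linked to the account. -->
<OrchestrationStep Order="3" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="AAD-UserReadIdentityProvidersUsingSignInName"
                    TechnicalProfileReferenceId="AAD-UserReadIdentityProvidersUsingSignInName" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>identityProviders</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <!-- Placeholder: reference the social identity provider technical profile
         configured in your own policy. -->
    <ClaimsExchange Id="SocialIdpExchange" TechnicalProfileReferenceId="YOUR-SOCIAL-IDP-TECHNICAL-PROFILE" />
  </ClaimsExchanges>
</OrchestrationStep>
```

The identityProviders claim is a collection, so treat it as policy-internal routing data: use it in preconditions and in claims transformations within the journey, and keep the step's own error text generic, because a flow that reports whether an e-mail is registered and which provider it uses discloses that information to anyone who can submit the first page.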