Azure AD B2C Custom Policy - Bind MultiCheckbox dynamically - azure

I am trying to implement a multi-checkbox with dynamic values in the Azure AD B2C custom policy claims schema.
URL: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-configure-signup-self-asserted-custom
Example:
<ClaimType Id="city">
  <DisplayName>Receive updates from which cities?</DisplayName>
  <DataType>string</DataType>
  <UserInputType>CheckboxMultiSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
    <Enumeration Text="Redmond" Value="redmond" SelectByDefault="false" />
    <Enumeration Text="Kirkland" Value="kirkland" SelectByDefault="false" />
  </Restriction>
</ClaimType>
How can I bind the Restriction enumerations to dynamic values rather than static values in the policy XML? I am trying to bind a return value of a REST API from the user journey to the MultiCheckBox.
Answer
Use JavaScript to generate the multi-checkbox.
Use a REST API call to get the value (output claim) that needs to be bound to the multi-checkbox.
Pass the output claim value to the custom HTML page (self-assertion page).
Use JavaScript to bind the output claim to the multi-checkbox.

IEF does not support dynamic values for collections as of now. This is an interesting scenario though.
One alternative could be to redirect to an OpenID Connect compliant provider and show such a screen there, and return appropriate claims.
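
The JavaScript approach outlined in the first answer above, sketched as an added example (not code from the original posts or from Microsoft): it assumes the REST-returned claim reaches the page as a comma-delimited string, and the element ids `cityList`, `cityOptions` and `city` are hypothetical. Because the values come from outside the policy XML, they are checked against an allow-list and rendered as text nodes rather than HTML.

```javascript
// Added example: names, ids and the comma-delimited format are assumptions.
const SAFE_VALUE = /^[A-Za-z0-9 _-]{1,64}$/; // allow-list for option values
const MAX_OPTIONS = 50;

// Turn the REST-sourced claim string into a clean, de-duplicated option list.
function parseOptions(raw) {
  const seen = new Set();
  const options = [];
  for (const part of String(raw || "").split(",")) {
    const value = part.trim();
    const key = value.toLowerCase();
    if (!SAFE_VALUE.test(value) || seen.has(key)) continue; // drop markup, dupes
    seen.add(key);
    options.push({ text: value, value: key });
    if (options.length === MAX_OPTIONS) break;
  }
  return options;
}

// Keep only selections that are among the offered options, in option order.
function serializeSelection(options, selected) {
  const chosen = new Set(selected);
  return options.filter(o => chosen.has(o.value)).map(o => o.value).join(",");
}

// Build the checkboxes with DOM APIs (no innerHTML) and mirror the
// selection into the input that carries the claim back to the policy.
function renderCheckboxes(doc, container, options, targetInput) {
  const boxes = options.map(o => {
    const label = doc.createElement("label");
    const box = doc.createElement("input");
    box.type = "checkbox";
    box.value = o.value;
    label.appendChild(box);
    label.appendChild(doc.createTextNode(" " + o.text)); // text node, never HTML
    container.appendChild(label);
    return box;
  });
  const sync = () => {
    const picked = boxes.filter(b => b.checked).map(b => b.value);
    targetInput.value = serializeSelection(options, picked);
  };
  boxes.forEach(b => b.addEventListener("change", sync));
  sync();
  return boxes;
}

// Browser wiring (hypothetical element ids):
// renderCheckboxes(document, document.getElementById("cityOptions"),
//   parseOptions(document.getElementById("cityList").value),
//   document.getElementById("city"));
```

Anything built in the browser can be edited by the user, so the values submitted in the claim still need to be validated on the server side.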

Related

What is the data type?

I am using ADB2C's custom policies to create the screens.
What are the variable names and data types for user IDs and passwords in login and MFA?
Also, what are the variable names and data types for the phone number and confirmation code in MFA?
I don't know because it is not the source I described.
According to the official Microsoft documentation, the username in Azure AD B2C custom policy is denoted by a variable attribute of ‘signInNames.userName’ and its datatype is ‘String’. Similarly, for the password, the variable attribute assigned is ‘password’ and its datatype is ‘String’. For the phone number, the assigned attribute is ‘mobile’ or ‘mobilePhone’ and the datatype is ‘String’, but if you want to use that phone number for MFA in Azure AD B2C, the variable attribute for it is ‘strongAuthenticationAlternativePhoneNumber’ and its datatype is ‘String’. As for the confirmation code, there is no such attribute defined by default in Azure AD B2C like the others specified earlier, but you can surely define a custom attribute for it by defining the ‘DisplayName’, ‘DataType’ and ‘UserInputType’ for the custom attribute as below:
<!--
<BuildingBlocks>
  <ClaimsSchema> -->
    <ClaimType Id="city">
      <DisplayName>City where you work</DisplayName>
      <DataType>string</DataType>
      <UserInputType>DropdownSingleSelect</UserInputType>
      <Restriction>
        <Enumeration Text="Berlin" Value="berlin" />
        <Enumeration Text="London" Value="london" />
        <Enumeration Text="Seattle" Value="seattle" />
      </Restriction>
    </ClaimType>
<!--
  </ClaimsSchema>
</BuildingBlocks>-->
For more information regarding the above, please refer to the documentation links below:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy#define-a-claim
https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes

Azure B2C login hint is not correct

I have an Azure B2C custom flow. Everything works fine, except that when the user clicks the login button a hint shows up attached to the username that says “please match the requested format”. Why is this showing up? I don’t see anywhere in the base/extensions/signup files that has this restriction or message.
For this issue, the problem was related to the claim type. In my TrustFrameworkExtensions file, I needed to define a claim type to override the default behavior. The required change was to add a restrictions setting and HelpText. Something like this:
<ClaimType Id="signInName">
  <DisplayName>Username</DisplayName>
  <DataType>string</DataType>
  <UserHelpText />
  <UserInputType>TextBox</UserInputType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9]*$" HelpText="Invalid username bro" />
  </Restriction>
</ClaimType>

Collecting value of id_token_hint from url in AD B2C Custom policy

I'm using this article to pass id_token_hint to my custom policy. My requirement: is there any way to collect the value from the URL and pass it in the load URI of the content definition?
What I did for this was use a claim resolver, but it is not working. If I hardcode some value instead of {OAUTH-KV:id_token_hint}, then that works.
<UserJourneyBehaviors>
  <ContentDefinitionParameters>
    <Parameter Name="id_token_hint">{OAUTH-KV:id_token_hint}</Parameter>
  </ContentDefinitionParameters>
  <ScriptExecution>Allow</ScriptExecution>
</UserJourneyBehaviors>
I also defined a claim type (I think this is not required to pass the value to the load URI):
<ClaimType Id="id_token_hint">
  <DisplayName>id_token_hint</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>id token hint</UserHelpText>
</ClaimType>
But it is not sending the query string in my custom load URI in the content definition.
Edit:
If I pass the same value with another parameter, say idtokenhint, that works, but id_token_hint is not working.

Azure Active Directory B2C modify sign in to add custom attributes

I am using an AD B2C custom policy for the sign-in/sign-up process. I am getting a custom attribute named "Workspace" from the user while signing up. Is it possible to add this custom attribute as a drop-down to the sign-in custom UI page so that users can select their workspace while signing in?
As specified in the documentation here, you should define the "workspace" claim type in your policy file (TrustFrameworkBase.xml might be a good place to put it), e.g. using a dropdown. The Restriction node of your XML should be used to specify all possible values for your dropdown.
Here is an example:
<ClaimType Id="city">
  <DisplayName>city where you work</DisplayName>
  <DataType>string</DataType>
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
    <Enumeration Text="Redmond" Value="redmond" SelectByDefault="false" />
    <Enumeration Text="Kirkland" Value="kirkland" SelectByDefault="false" />
  </Restriction>
</ClaimType>
Then you should add the claim to the sign-up/sign-in user journey. The official documentation explains how to accomplish those steps in a very detailed way here.

Fetch ClaimType Enumerations via REST

We're happily enriching our claims via a custom RESTful API, but is it possible to instead display the fetched claim values (comma-delimited, for example) in a drop-down and ask the user to pick one?
<ClaimType Id="city">
  <DisplayName>city where you work</DisplayName>
  <DataType>string</DataType>
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <!-- FETCH THESE VIA REST -->
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
  </Restriction>
</ClaimType>
