I have an Azure AD B2C tenant where I'm using the built-in sign-up/sign-in policies.
I want to be able to provide users with a custom unique field during sign-up.
I am able to add a custom attribute. Is there a way I can add a unique constraint on it, such that every user has a unique value for this field when they sign up, or is prompted to re-enter the value?
Any help will be appreciated. Thank you
You could create a custom attribute by using the built-in sign-up policy; the B2C custom attribute only supports three data types: string, boolean (true or false), and int.
And as far as I know, these three data types cannot ensure the value is unique for each user. For the details, please read here.
I have created a custom policy for interactive login in Azure AD B2C.
The sign-in / sign-up works fine.
However, now I added a custom user attribute in my B2C through the portal, and also updated my custom policy for the "extension_UserRole" custom attribute.
However, it is not showing in sign-in or in the JWT. Below is my custom policy:
https://github.com/menikhilmittal/policyb2c
Please suggest changes
Input claims are used to pre-populate fields.
You need to give the extension attribute a value (CopyClaim from another attribute?) and have it as an output in both read and write.
If it is an output in sign-up, e.g., it will create a text box that you can populate.
You have also used both email and login hint to populate it?
When I read the documentation from Microsoft for Azure B2C, it mentions that we can collect user attributes during the sign-up flow.
I have a requirement where I need to get an input from the user during the sign-in flow. Other than the username and password entered during sign-in, I need the user to enter another field.
Is there an option to do the above in the sign-in flow?
You need to use a custom policy.
It will allow you to add any extra pages and/or logic to any journey.
Samples: https://github.com/azure-ad-b2c/samples
Another way of collecting user input (e.g. an additional field in the sign-up form) during sign-up without using custom policies is as follows:
In Azure B2C, set up an additional User Attribute of type String.
In the specific sign-in flow, require this User Attribute to be collected.
If needed, you can customize the wording and default values used in the form by supplying a language override in the specific flow.
After users have completed sign-up, I want to set some information and receive it in the token when they sign in.
In order to do that I am using custom attributes and setting the value using the Graph API.
The way I add the custom attributes is as described here:
In your Azure AD B2C tenant, select User flows.
Select your policy (for example, "B2C_1_SignupSignin") to open it.
Select User attributes and then select the custom attribute (for example, "ShoeSize"). Click Save.
Select Application claims and then select the custom attribute.
Click Save.
Those attributes should not be a concern of the user, so I am not doing step number 3, and here is where the problem comes.
I am able to set/get the value of the custom attribute using the Graph API, but the attribute is not present in the token. If I do step number 3, then the custom attribute appears in the token.
Is there any workaround to achieve having the custom attributes in the token without having them on the sign-up screen?
The link above also says:
The custom attribute is now available in the list of User attributes
and for use in your user flows. A custom attribute is only created the
first time it is used in any user flow, and not when you add it to the
list of User attributes.
Which I believe is the reason why I can't see the attribute in the token, but I thought that after setting it with the Graph API and being able to read it, it would be in the token.
It's not true.
Based on my test, if we don't do step number 3 but do step number 4, the custom attribute won't appear on the sign-up page but can still be included in the token.
Please make sure that you have updated the custom attribute for the signed-in user, and use the same user to sign in with the user flow where you didn't do step number 3 but did step number 4.
Kindly check it.
In my application I have the following scenario:
Users first register in the application using the SignUp-SignIn user flow, so at that point the user is created in Azure AD B2C. Then, when the user starts to use the application, I want to add some information to the user and retrieve it in the token during the next authorizations.
The information I want to add to the user is the following:
1- Identifier I use in my database to store data related to that created user
2- Some application role (e.g. customer, shop owner...) - here, it would be great if I could prevent users from making requests based on that role, but it is not a big deal to check it in the code after the request is executed
The idea I have is to use the Graph API and assign this data to a custom attribute on the users, so this data is always managed by the API and the user can't change it himself.
Then I am wondering whether mixing that approach with groups could also be an option, so that some requests are only available to users that belong to some group.
What is the best approach to achieve my requirements?
Out-of-the-box AAD B2C SignUp-SignIn user flow does not expose any functionality related to Security Groups.
If you want to use group claims in B2C, choose to add some custom code through custom (IEF) policies. See this answer and this post.
In order to achieve your requirements, you could use custom attribute which you have mentioned.
Please note that if you don't want the user to set the custom attribute themselves, you don't need to do this 3rd step under "Use a custom attribute in your user flow":
Select User attributes and then select the custom attribute (for example, "ShoeSize"). Click Save.
After you create the custom attribute, you can get the application properties and use the custom attribute with the MS Graph API.
Update the custom attribute for a user with Microsoft Graph:
PATCH https://graph.microsoft.com/v1.0/users/userID
{"extension_831374b3bd5041bfaa54263ec9e050fc_ShoeSize": "123"}
Then you can get the custom attribute claim in token like this: "extension_ShoeSize": "123".
Is there a way to set a default value for a custom attribute in Azure AD B2C?
I have a boolean attribute which indicates whether a user has signed all agreements. The users will be created by the Microsoft Graph API and I want to predefine the value for this attribute, so that I don't have to set it when the user is created.
Thank you in advance!
Best regards
Matthias
No. It's not supported by AAD B2C currently.
No matter whether you use Microsoft Graph or a user flow / custom policy, the custom attribute should be set when the user is created in AAD; then the default value of the custom attribute is saved.
I don't think this is a difficult job. Just add one more line when creating the user:
{
"extension_8adbe99219ca4e689a5030b5af068847_YesOrNo": true
}
Besides, from a design perspective, this custom attribute should be updated after the user signs the agreement. It seems that predefining its value at the time of user creation is not necessary.
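An added example, not code from any of the answers on this page, that ties together the Graph side of the two answers above: it builds the extension property name that B2C uses on the b2c-extensions-app (the extension_<app id without dashes>_<Name> form seen in the PATCH example), produces the PATCH body for an existing user and the POST body for creating a user with the attribute already set, refuses values outside the three types B2C custom attributes support (string, boolean, int), and reads the resulting extension_<Name> claim back out of a token with an allow-list check. The application IDs are the ones quoted in the answers; the user ID, attribute names, role values and the claim set are constructed here. Nothing is sent to Graph; the functions only return the URL and body you would send.

```python
# Added example (not from the answers above). Assumes the hypothetical
# b2c-extensions-app IDs quoted in the answers and constructed inputs.
import uuid
import re

GRAPH_BASE = "https://graph.microsoft.com/v1.0"

# The only value types a B2C custom attribute can hold (first answer on the page).
ALLOWED_TYPES = (str, bool, int)


def extension_property_name(b2c_extensions_app_id: str, attribute: str) -> str:
    """Graph property name for a B2C custom attribute:
    extension_<b2c-extensions-app id without dashes>_<AttributeName>."""
    app_id = uuid.UUID(b2c_extensions_app_id).hex  # validates the GUID, drops dashes
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", attribute):
        raise ValueError(f"invalid custom attribute name: {attribute!r}")
    return f"extension_{app_id}_{attribute}"


def extension_body(b2c_extensions_app_id: str, values: dict) -> dict:
    """JSON body fragment that sets custom attributes on a user.
    Rejects value types B2C cannot store (floats, lists, None, ...)."""
    body = {}
    for name, value in values.items():
        if not isinstance(value, ALLOWED_TYPES):
            raise TypeError(f"{name}: unsupported type {type(value).__name__}")
        body[extension_property_name(b2c_extensions_app_id, name)] = value
    return body


def patch_user_request(b2c_extensions_app_id: str, user_id: str, values: dict):
    """URL and body for PATCH /users/{id}, as in the ShoeSize answer."""
    return f"{GRAPH_BASE}/users/{user_id}", extension_body(b2c_extensions_app_id, values)


def create_user_request(b2c_extensions_app_id: str, user: dict, values: dict):
    """URL and body for POST /users with the attribute set at creation time
    (the 'one more line' in the last answer)."""
    body = dict(user)
    body.update(extension_body(b2c_extensions_app_id, values))
    return f"{GRAPH_BASE}/users", body


def token_claim_name(attribute: str) -> str:
    """In the B2C-issued token the app-id segment is dropped: extension_ShoeSize."""
    return f"extension_{attribute}"


def role_from_claims(claims: dict, allowed_roles) -> str:
    """Read the API-managed role claim from already-validated token claims and
    refuse anything outside the expected set, so a missing or unexpected
    value never grants access. 'UserRole' is a hypothetical attribute name."""
    role = claims.get(token_claim_name("UserRole"))
    if role not in allowed_roles:
        raise PermissionError(f"role {role!r} not permitted")
    return role


if __name__ == "__main__":
    app_id = "831374b3-bd50-41bf-aa54-263ec9e050fc"  # from the answer above
    print(patch_user_request(app_id, "userID", {"ShoeSize": "123"}))
    print(create_user_request("8adbe992-19ca-4e68-9a50-30b5af068847",
                              {"displayName": "Matthias"}, {"YesOrNo": True}))
    print(role_from_claims({"extension_UserRole": "customer"}, {"customer", "shop_owner"}))
```

Because step 3 (collecting the attribute in the user flow) is skipped, only a caller with Graph application permissions can write the value, so the claim can be treated as API-managed; the allow-list check still belongs in the API, and it must run on claims taken from a token whose signature and issuer you have already validated.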