My B2C Custom Attributes are not Saving - azure-ad-b2c

I'm passing in custom attributes via JWT to my sign-up policies but the attributes are not persisting/saving.
I've verified I'm sending the values in the JWT.
I've temporarily displayed the values on the signup page and I'm seeing them.
I've verified the Technical Profile that saves the custom attributes to AD.
What else can I check?

It turns out, I renamed the attribute, extension_helloWorld to extension_HelloWorld, and that use-case is not supported. Apparently, you can't just change the casing of a custom attribute.
I had to delete the custom attribute and then it started saving! FYI, I used the Graph Explorer to delete the attribute.
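An added example, not part of the original post and not Microsoft tooling: a check that compares the `extension_` claim IDs in a custom policy with the extension property names registered in the directory, and flags names that differ only by case, which is the situation described above. The policy fragment, the app ID and the property list are constructed samples; the `extension_<appId>_<name>` directory form is assumed from the naming shown on this page.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: ClaimsSchema fragment of a custom policy.
POLICY_XML = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <BuildingBlocks><ClaimsSchema>
    <ClaimType Id="extension_HelloWorld" />
    <ClaimType Id="extension_HoldingId" />
    <ClaimType Id="extension_UserRole" />
    <ClaimType Id="displayName" />
  </ClaimsSchema></BuildingBlocks>
</TrustFrameworkPolicy>"""

# Constructed sample: property names as the directory would report them
# (the 32-hex app ID is a placeholder, not a real application).
DIRECTORY_PROPERTIES = [
    "extension_0123456789abcdef0123456789abcdef_helloWorld",
    "extension_0123456789abcdef0123456789abcdef_HoldingId",
]

DIRECTORY_NAME = re.compile(r"^extension_[0-9a-fA-F]{32}_(.+)$")

def policy_extension_claims(policy_xml):
    """Return the short names of all extension_ ClaimTypes in the policy."""
    names = []
    for el in ET.fromstring(policy_xml).iter():
        # Ignore the XML namespace and look only at the local tag name.
        if el.tag.rsplit("}", 1)[-1] == "ClaimType":
            claim_id = el.get("Id", "")
            if claim_id.startswith("extension_"):
                names.append(claim_id[len("extension_"):])
    return names

def audit(policy_xml, directory_properties):
    """Map each policy extension claim to ok / case-mismatch / not-registered."""
    registered = {}
    for full_name in directory_properties:
        match = DIRECTORY_NAME.match(full_name)
        if match:
            registered[match.group(1).lower()] = match.group(1)
    findings = {}
    for name in policy_extension_claims(policy_xml):
        existing = registered.get(name.lower())
        if existing is None:
            findings[name] = "not-registered"
        elif existing != name:
            findings[name] = "case-mismatch:" + existing
        else:
            findings[name] = "ok"
    return findings
```

A `case-mismatch` finding means the attribute exists in the directory under a differently cased name than the one the policy writes to.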

Related

Add captcha to a custom Sign In page for Azure ADB2C custom policy?

Trying to add an additional claim to our custom Sign In page on Azure ADB2C (using custom policies) to hold a captcha response token. But the custom policy won't render the element on the page.
I've tried the sample here:
https://github.com/jasjeetsuri/B2C-IEF-Custom-Policies/tree/master/LocalAccounts%20-%20Captcha%20Integration
But the additional field doesn't get rendered on the UI. Everything else is working, the captcha appears on the UI and when I log in I can see my validation API being called with the default value 0. I just can't get a DOM element to be rendered by the policy so I can set the response token.
I've tried:
Adding a custom User Attribute (e.g. captcha) and referring to it as extension_captcha
Updating the ContentDefinition to the latest
Using with the Required attribute set to True, this actually gave me an error message to say the value was missing however the field was never rendered on the page
Changing the CombinedSignInAndSignUp to ClaimsExchange but this reverted the custom Sign In UI back to the Microsoft default layout
I've gone through documentation here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy
and here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-custom-policy
But no luck.
Does anyone know what the minimum config is to get this working?
I made the sample this way because it doesn’t work for combined sign in and sign up page. You would need two separate policies and deep link between them.

Azure B2C Custom Policy , Add Custom User Attribute in Output Claims

I have created a custom policy for interactive login in Azure AAD B2C.
The Sign In / Sign Up works fine.
However, I have now added a custom user attribute in my B2C through the Portal, and updated my custom policy as well for "extension_UserRole".
However, it is not showing in sign in as well as in the JWT. Below is my custom policy:
https://github.com/menikhilmittal/policyb2c
Please suggest changes
Input claims are used to pre-populate fields.
You need to give the extension attribute a value (CopyClaim? from another attribute) and have it as an output in both read and write.
If an output in sign up e.g. it will create a text box that you can populate.
You have also used both email and login hint to populate it?

Azure AD B2C - get Custom attributes sets by Graph API in the token

After users have done the sign up, I want to set some information and receive it in the token when they sign in.
In order to do that I am using custom attributes and setting the value using GraphAPI.
The way I add the custom attributes is as described here:
1. In your Azure AD B2C tenant, select User flows.
2. Select your policy (for example, "B2C_1_SignupSignin") to open it.
3. Select User attributes and then select the custom attribute (for example, "ShoeSize"). Click Save.
4. Select Application claims and then select the custom attribute.
5. Click Save.
Those attributes should not be a concern of the user so I am not doing the step number 3 and here is where the problem comes.
I am able to set/get the value of the custom attribute using Graph API but the attribute is not present in the token. If I do the step number 3 then the custom attribute appears in the token.
Is there any workaround to achieve having the custom attributes in the token without having them in the sign up screen?
The link above also says:
The custom attribute is now available in the list of User attributes
and for use in your user flows. A custom attribute is only created the
first time it is used in any user flow, and not when you add it to the
list of User attributes.
Which I believe is the reason why I can't see the attribute in the token, but I thought that after setting it with GraphAPI and being able to read it, it would be in the token.
It's not true.
Based on my test, if we don't do the step number 3 but do the step number 4, the custom attribute won't appear in sign up page but still can be included in the token.
Please make sure that you have updated the custom attribute for the signed-in user and use the same user to sign in with that user flow where you didn't do the step number 3 but did the step number 4.
Kindly check it.

How to customize the type of a User Attribute in Azure?

I have created a set of new User Attributes and used them in my new User flow (Policy) in Azure AD B2C.
These attributes are of data type "Boolean" but when I run the user flow I get a textbox input instead of a checkbox.
Usually, I get the possibility to change it on the portal, but now I cannot find where to do so.
Has anything changed?
Once the custom user attribute is added, go to page layout. In my case the attribute to add is on the local account registration page, you select where you have added it or want to add it.
Below you will have appeared the user attributes that that part of the flow has (yours should appear). From there you change the type of ticket, you can also change if it is optional or mandatory ...
Go to Azure AD B2C > User flows (policies) > Your user flow > Page layouts.
The User attributes section of the Page layouts page allows you to change the user input type.

Azure B2C custom attribute/claim added to existing user directory throws error on sign in

I have a custom policy which adds a custom value, HoldingId, to new users who sign up (using these docs) as the value is passed to the policy via the token (along with verified_email).
I was hoping to not need to create a custom policy for sign in, so used the Azure Portal UI to create the custom attribute against the b2c-extensions-app application (and am using the respective client and object ids to line it up with the custom policy), and using the Portal have added this custom attribute to the sign up/sign in policy claims.
Using the Graph API, I have been able to successfully confirm that the custom value is saving against newly signed up users (returning as extension_[AppId]_HoldingId), and these new users are able to sign in subsequently without issue using the built in sign in/sign up policy.
However, any users which already existed in the directory are no longer able to sign in. Unfortunately, because it's a built-in policy, I'm not sure of a way to dig into the logs a-la App Insights to see what's going on.
My suspicion is that because these existing users don't have this custom attribute against them, the built-in sign up/sign in policy is attempting to get this value and failing.
Is it possible to get the built-in policies to ignore this attribute on users who don't have this attribute set, or will I need to create a custom policy to handle this scenario with a default value?
For context, the HoldingId is not required for existing users (application needs to be backwards compatible). This is also my first venture into B2C, so I'm still learning many of these concepts.
