2

I am working on integrating Azure AD B2C into an existing shopping cart application, replacing an existing user identity solution.

I have already created a custom policy to implement user registration / sign-up and integrated it into the normal account creation process. However, I am having a problem with integrating registration during the checkout process.

With the old IDP, the checkout process first collects the user's name and email address. After that has been collected, the user is given the option to create an account with that information (if they are not already logged in). In order to avoid confusing double-entry of the email address, I would like to pass the email address that the user already entered to the B2C sign-up policy and have it fill in the email address input on the form.

Is there any way to do this? I don't find anything like this being addressed in the B2C documentation.

Jack A.

2 Answers

5

Based on the documentation linked by @JasSuri, I was able to come up with a solution.

To implement this, you modify the sign-up technical profile. You must add three things:

  1. Add item IncludeClaimResolvingInClaimsHandling with value true to the metadata
  2. Add a DefaultValue attribute to the email input claim with an appropriate claims resolver notation as the value
  3. Add an AlwaysUseDefaultValue attribute to the email input claim with true as the value

I used an OAuth2 key-value claims resolver (which supports arbitrary query string parameters) and a query parameter named register_email.

The resulting technical profile looks like this:

<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <Item Key="language.button_continue">Create</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item> <!-- ADD THIS -->
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <!-- ADD DefaultValue AND AlwaysUseDefaultValue ATTRIBUTES BELOW -->
    <InputClaim ClaimTypeReferenceId="email"
        DefaultValue="{OAUTH-KV:register_email}"
        AlwaysUseDefaultValue="true" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
    <OutputClaim ClaimTypeReferenceId="newUser" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
Jack A.
4

You can use a sign-up policy with a claims resolver. Send the email in the query parameter. It’ll prepopulate the email into the text box.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview

Jas Suri - MSFT
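Both answers leave the relying-party side implicit: the shopping cart must put the checkout email into the authorize request as the query parameter register_email so that {OAUTH-KV:register_email} can resolve it. The following is an added example (not code from either answer) of building that request; the tenant, policy name, client id and redirect URI are constructed placeholders, and resolve_oauth_kv is only a simplified model of how the OAUTH-KV resolver reads a query parameter, not B2C's implementation. The prefilled value still goes through the Verified.Email output claim in the profile above, so it is only a convenience default, not a trusted identity.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders for the relying party; substitute the real tenant,
# policy and app registration values from your own B2C configuration.
TENANT = "contoso"                     # <tenant>.b2clogin.com
POLICY = "B2C_1A_SignUp"               # assumed custom policy name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://shop.example/checkout/callback"


def build_signup_url(email, state=None, nonce=None):
    """Build the OpenID Connect authorize request for the sign-up policy,
    carrying the checkout email as the extra query parameter register_email
    that the {OAUTH-KV:register_email} claims resolver reads."""
    if "@" not in email or any(c.isspace() for c in email):
        raise ValueError("register_email must be a single address")
    params = {
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        # state and nonce protect the OIDC flow itself; generate per request
        "state": state or secrets.token_urlsafe(16),
        "nonce": nonce or secrets.token_urlsafe(16),
        "register_email": email,
    }
    base = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
            f"{POLICY}/oauth2/v2.0/authorize")
    # urlencode percent-encodes '+' and '@', so the address survives intact
    return f"{base}?{urlencode(params)}"


def resolve_oauth_kv(url, key):
    """Simplified model of the {OAUTH-KV:<key>} resolver: return the decoded
    value of <key> from the authorize request's query string, or None."""
    values = parse_qs(urlparse(url).query).get(key)
    return values[0] if values else None


if __name__ == "__main__":
    url = build_signup_url("alice+cart@example.com")
    print(url)
    print(resolve_oauth_kv(url, "register_email"))
```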