Signup with different email than the email passed as id_token_hint #466

adnan-ashfaq · 2022-09-28T20:46:50Z

adnan-ashfaq
Sep 28, 2022

Hi,

I am looking into the the same https://github.com/azure-ad-b2c/samples/tree/master/policies/invite. And was wondering that on step three after the user clicks the invite link, can a user siginup with different email than what is passed through id_token_hint (if the email field isn't read only),?

eskaufel · 2022-10-03T05:49:46Z

eskaufel
Oct 3, 2022

Have you looked at the profile or just the image? It seems to be using ReadOnlyEmail.

 <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="LocalAccountSignUpWithReadOnlyEmail">
          <DisplayName>Email signup</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
<-- .. -->
          </Metadata>
          <InputClaimsTransformations>
            <!--Sample: Copy the email to ReadOnlyEamil claim type-->  
            <InputClaimsTransformation ReferenceId="CopyEmailAddress" />
          </InputClaimsTransformations>
          <InputClaims>
            <!--Sample: Set input the ReadOnlyEmail claim type to prefilled the email address-->
            <InputClaim ClaimTypeReferenceId="ReadOnlyEmail" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" />
            <!-- Sample: Display the ReadOnlyEmail claim type (instead of email claim type)-->
            <OutputClaim ClaimTypeReferenceId="ReadOnlyEmail" Required="true" />
            <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
<-- .. -->
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>      
      </TechnicalProfiles>
    </ClaimsProvider>

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Signup with different email than the email passed as id_token_hint #466

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Signup with different email than the email passed as id_token_hint #466

adnan-ashfaq Sep 28, 2022

Replies: 1 comment

eskaufel Oct 3, 2022

adnan-ashfaq
Sep 28, 2022

eskaufel
Oct 3, 2022