Hi,
This is the scenario that I have got for an only sign in policy:
1.- user introduces email and password.
2.- user receives OTP to his signing email address.
3.- user introduces otp and gets verified.
4.- user is signed in and token is issued.
Using the policies in the starter pack I have tried the following:
<UserJourney Id="SignIn">
<OrchestrationSteps>
<OrchestrationStep Order="1"
Type="CombinedSignInAndSignUp"
ContentDefinitionReferenceId="api.localaccountsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange"
TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- This step reads any user attributes that we may not have received when in the token. -->
<OrchestrationStep Order="2"
Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadWithObjectId"
TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3"
Type="SendClaims"
CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
<!-- Track that we have successfully sent a token -->
</OrchestrationSteps>
The problem is that I am stack at this point: I have changed the following technical profile:
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
<Item Key="setting.operatingMode">Email</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName"
DefaultValue="{OIDC:LoginHint}"
AlwaysUseDefaultValue="true" />
<!--InputClaim ClaimTypeReferenceId="email" /-->
</InputClaims>
<OutputClaims>
<!--OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" /-->
<OutputClaim ClaimTypeReferenceId="signInName"
Required="true" />
<OutputClaim ClaimTypeReferenceId="password"
Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
But the user verifies the email first then, asks for username and password, so there are 2 places where to put the email address (wrong), and the verification comes before the authentication. How do I fix this?