anonymous user
Thank you for following up on this and for sharing some more details! I'll summarize your issue below for my understanding.
Issue:
You intend to use the Create User REST API - users will navigate to your custom sign-in/sign-up page, enter in their info, and this'll be used in the body of the post request to Create the User. However, the issue is that no email verification is sent when using the REST API, to confirm that the email entered is valid. Lastly, creating this app and custom sign-in/sign-up page will prevent a redirect to the /b2clogin.com
endpoint.
Findings:
After creating a social and local account in my B2C tenant with the Create User REST API, I never received a verification email as you mentioned. However, when logging in with the user that I created, if the email provided during login was valid, I was redirected to the federated IDP (yahoo.com), but if the email I provided was incorrect, I was never able to login.
Note: Creating a Local B2C account using the REST API, I didn't have any issues since the user was created specifically for the B2C tenant.
**Logging in with the email address provided during sign up: **
Create a user with social and local account identities
#When creating social accounts using the Create User REST API, you're asked to provide the SignInType and Issuer in the request body
{
"signInType": "federated",
"issuer": "yahoo.com",
"issuerAssignedId": "5eecb0cd"
}
- Because
signInType
isFederated
andIssuer
isyahoo.com
, when a user signs into your app they'll be redirected to the federated IDP for authentication. - In this case, because I only provided one "valid" email address, I wasn't able to login with the invalid email address.
Since the social account provided during sign-up is verified by the IDP, in this case yahoo, the user's email verification is occurring during login - if the user provided an invalid email address, they won't be able to login to your tenant.
----------------------------
When it comes to email verification through the Create User REST API, this currently isn't possible. If you'd like this to be a feature of the API, I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this. I've also created an internal feature request, so our engineering team is aware of this as well.
Because email verification isn't available through the Create User REST API, I'd also recommend looking into leveraging our Customize the user interface with HTML templates in Azure Active Directory B2C documentation, this way you can still make a custom login page, but at the same time leverage B2C user flows where you can require email verification.
Disable email verification during customer sign-up in Azure Active Directory B2C - This link shows how to disable email verification within a B2C user flow, but the same steps apply when requiring email verification.
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.