IEF Custom Policy to allow Phone or Email Login to same Local Account

Mateus Saggin 0 Reputation points
2023-02-14T03:55:58.9633333+00:00

Hi,

I was trying to find a way to build a custom policy to create a local account with both email and phone verified. Email and phone are the only required information, since I will complete the user data in my own application and fetch it during sign-in from an external database to complete the user claim information.

So for signup flow I want that:

  1. User enters their email
  2. Verify the email
  3. Ask for the user's phone number
  4. Verify the phone number
  5. Create the local account

For user signin:

  1. User enters a phone number or email in the input
  2. If phone, send the verification code
  3. If email, send the verification email
  4. User is logged in

I already followed the Phone Passwordless sample and the Dynamic Sign-in and Sign-up sample. But I didn't find a way to avoid duplicated user accounts. How can I achieve that flow?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-02-20T03:38:21.1966667+00:00

    @Mateus Saggin

    Thank you for your time and patience. I was able to dig through this and found that we don't have a direct sample available, but we have a base and RP policy available which could be customized as per requirement.

    • Phone_Email_Base.xml, where you could customize the user journey by skipping user journey 1 and using the following as the first user journey:
    <UserJourney Id="SignUpOrSignInWithPhoneOrEmail">
      <OrchestrationSteps>
        <!-- Step 1: one page offers sign-in (validated in place) or the sign-up / change-phone options -->
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="signuporsignin-phone-email">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninPhoneEmailExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="SignUpWithEmail" />
            <ClaimsProviderSelection TargetClaimsExchangeId="SignUpWithPhone" />
            <ClaimsProviderSelection TargetClaimsExchangeId="ChangePhoneNumber" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninPhoneEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Phone-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 2: runs the option chosen in step 1; skipped for an existing (signed-in) user -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>isLocalAccountSignIn</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="SignUpWithPhone" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonPhoneNumber" />
            <ClaimsExchange Id="SignUpWithEmail" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
            <ClaimsExchange Id="ChangePhoneNumber" TechnicalProfileReferenceId="PhoneInputPage-ChangePhoneNumberClaimsProviderSelection" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 3: only a phone sign-up reaches this step, which collects the email address -->
        <OrchestrationStep Order="3" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>isLocalAccountSignIn</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>isEmailSignUp</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>isChangePhoneNumber</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="SignUpWithPhone_CollectEmailAddress" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonPhoneNumber_CollectEmailAddress" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 4: sign-in sub-journey, run only when isLocalAccountSignIn is present -->
        <OrchestrationStep Order="4" Type="InvokeSubJourney">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isLocalAccountSignIn</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <JourneyList>
            <Candidate SubJourneyReferenceId="SignInWithPhoreOrEmail" />
          </JourneyList>
        </OrchestrationStep>
        <!-- Step 5: change-phone sub-journey, run only when isChangePhoneNumber is present -->
        <OrchestrationStep Order="5" Type="InvokeSubJourney">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isChangePhoneNumber</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <JourneyList>
            <Candidate SubJourneyReferenceId="ChangePhoneNumber" />
          </JourneyList>
        </OrchestrationStep>
        <!-- Step 6: read the full user object unless the profile is already complete -->
        <OrchestrationStep Order="6" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>hasFullProfile</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 7: issue the token -->
        <OrchestrationStep Order="7" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb" />
    </UserJourney>

    Please do let me know if you have any queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer", and share your feedback (Yes/No) if the suggestion works as per your business need. This will help us and others in the community as well.

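The routing in the answer's user journey is entirely driven by `ClaimsExist` preconditions, and it is easy to misread which of `ExecuteActionsIf="true"` and `"false"` skips a step. The following is an added example, not code from the post or from the Phone_Email_Base.xml sample: it models the seven orchestration steps above as data and traces which ones run for a sign-in, an email sign-up and a phone sign-up. The claims each step is taken to write (`objectId` on the account-creating and sign-in steps) and the claims the step 1 choice leaves in the bag (`isLocalAccountSignIn`, `isEmailSignUp`) are assumptions read off the preconditions; the real technical profiles are not shown in the post.

```python
"""Trace the SignUpOrSignInWithPhoneOrEmail orchestration steps quoted above.

Constructed model, not the B2C engine: each Step carries the preconditions
from the posted XML, and the SkipThisOrchestrationStep action fires when a
ClaimsExist test evaluates to the precondition's ExecuteActionsIf value.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Precondition:
    """One <Precondition Type="ClaimsExist" ExecuteActionsIf=...> element."""
    claim: str
    execute_actions_if: bool

    def skips(self, claims: set) -> bool:
        # ClaimsExist is true when the claim is in the bag; the Skip action
        # runs when that result equals ExecuteActionsIf.
        return (self.claim in claims) == self.execute_actions_if


@dataclass(frozen=True)
class Step:
    order: int
    kind: str
    preconditions: tuple = ()
    # ASSUMPTION: claims the step is taken to write when it runs. The
    # technical profiles that really do this are not in the post; objectId
    # from the account-creating and sign-in steps is the only effect modelled.
    outputs: tuple = ()


P = Precondition
JOURNEY = (
    Step(1, "CombinedSignInAndSignUp"),
    Step(2, "ClaimsExchange",
         (P("isLocalAccountSignIn", True), P("objectId", True)),
         outputs=("objectId",)),
    Step(3, "ClaimsExchange",
         (P("isLocalAccountSignIn", True), P("isEmailSignUp", True),
          P("isChangePhoneNumber", True))),
    Step(4, "InvokeSubJourney", (P("isLocalAccountSignIn", False),),
         outputs=("objectId",)),
    Step(5, "InvokeSubJourney", (P("isChangePhoneNumber", False),)),
    Step(6, "ClaimsExchange", (P("hasFullProfile", True),)),
    Step(7, "SendClaims"),
)


def run_journey(initial_claims):
    """Return (executed step orders, final claims bag).

    initial_claims models what the option chosen in step 1 leaves in the bag
    (assumption): the validation exchange sets isLocalAccountSignIn for an
    existing user, the email sign-up option sets isEmailSignUp, and the phone
    sign-up option sets nothing extra.
    """
    claims = set(initial_claims)
    executed = []
    for step in JOURNEY:
        # Preconditions are checked in order and the first one that fires
        # skips the step, so a single match is enough.
        if any(p.skips(claims) for p in step.preconditions):
            continue
        executed.append(step.order)
        claims.update(step.outputs)
    return executed, claims


if __name__ == "__main__":
    for label, bag in (("sign-in", {"isLocalAccountSignIn"}),
                       ("email sign-up", {"isEmailSignUp"}),
                       ("phone sign-up", set())):
        steps, final = run_journey(bag)
        print(f"{label:14} runs steps {steps}")
```

Running it shows the three paths the question asks for: an existing user runs steps 1, 4, 6, 7 (sign-in sub-journey, no account creation); an email sign-up runs 1, 2, 6, 7; a phone sign-up runs 1, 2, 3, 6, 7, with step 3 being the extra page that collects the email address, which is what ties both identifiers to one local account rather than creating a second one.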