Share via

Disable login_hint - Azure AD B2C

AmithShankar 0 Reputation points
2023-09-13T05:55:28.4333333+00:00

I am using the readily available 'Sign-In v2 UserFlow'. Whenever there is a session time out, the login page auto populates the email address of the user. I have figured out that the login url uses the login_hint property to set the user's email address. For security reasons, I want to disable auto populating of the email in the login screen.

This link that I found only instructs how to setup direct sign in. https://learn.microsoft.com/en-us/azure/active-directory-b2c/direct-signin?pivots=b2c-user-flow

But is there a way to disable it? If so, how can I disable the login_hint?

Microsoft Security Microsoft Entra Microsoft Entra External ID
Microsoft Security Microsoft Entra Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-09-14T05:07:55.8966667+00:00

    Hello @AmithShankar , the Azure AD B2C Sign-In v2 UserFlow does not enforce login_hint once the session has timed out. In fact once the user is authenticated Azure AD B2C will redirect the user to one of the registered redirect URIS, usually to your web app. The former may be the one that, after it's own session has timed out, redirects the user to the Azure AD B2C User Flow appending the login_hint parameter.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.