I am using an Azure B2C Custom Policy and attempting to replicate the User Flow "After federating with an identity provider during sign-up" API Connector call. I am using sign-up/sign-in with phone, and after SMS code verification, I collect first and last name and send a request to a Flask API where I store the user information in a database table. The problem is that inside of this API endpoint, when I return "action": "ShowBlockPage", accounts are still created in Azure B2C, so I think I have the API call too late in the journey.
<TechnicalProfiles>
<TechnicalProfile Id="LocalAccountInputNewPhoneNumber">
<DisplayName>Phone</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">newPhoneNumber</Item>
<Item Key="UserMessageIfClaimsTransformationInvalidPhoneNumber">Please enter a valid phone number and country code.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<DisplayClaims>
<DisplayClaim DisplayControlReferenceId="phoneVerificationControl" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
<OutputClaim ClaimTypeReferenceId="firstName" />
<OutputClaim ClaimTypeReferenceId="lastName" />
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="CombineCountryCodeAndNationalNumber" />
<ValidationTechnicalProfile ReferenceId="AAD-UserUpdatePhoneNumberUsingObjectId" />
<ValidationTechnicalProfile ReferenceId="REST-SignUp" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<TechnicalProfile Id="LocalAccountSignUpWithLogonPhoneNumber">
<DisplayName>Phone</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">phoneSignUp</Item>
<Item Key="ClaimsProviderSelectionDisplayType">TextLink</Item>
<Item Key="UserMessageIfClaimsTransformationInvalidPhoneNumber">Please enter a valid phone number and country code.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<InputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
</InputClaimsTransformations>
<DisplayClaims>
<DisplayClaim DisplayControlReferenceId="phoneVerificationControl" />
<DisplayClaim ClaimTypeReferenceId="firstName" />
<DisplayClaim ClaimTypeReferenceId="lastName" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
<OutputClaim ClaimTypeReferenceId="firstName" />
<OutputClaim ClaimTypeReferenceId="lastName" />
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="CombineCountryCodeAndNationalNumber" />
<ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonPhoneNumber" />
<ValidationTechnicalProfile ReferenceId="REST-SignUp" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
<TechnicalProfile Id="REST-SignUp">
<DisplayName>Determine if user already exists. If not, associate B2C info to customer info.</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl">myapiurl/sign-up</Item> <Item Key="SendClaimsIn">Body</Item>
<Item Key="AuthenticationType">Basic</Item>
<Item Key="DefaultUserMessageIfRequestFailed">Failed API request.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_BasicUsername" />
<Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_BasicPassword" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="step" DefaultValue="PostAttributeCollection" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="issuer" DefaultValue="devdgb.onmicrosoft.com" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="client_id" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="policyId" DefaultValue="{Policy:PolicyId}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="ipAddress" DefaultValue="{Context:IPAddress}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="objectId" />
<InputClaim ClaimTypeReferenceId="signInNames.phoneNumber" />
<InputClaim ClaimTypeReferenceId="firstName" />
<InputClaim ClaimTypeReferenceId="lastName" />
</InputClaims>
</TechnicalProfile>