How to return claims to Azure B2C Custom Policy ClaimsProvider

Michał Filipkowski 0 Reputation points
2024-06-01T11:33:07.11+00:00

I have defined a ClaimsProvider, which calls an endpoint in my local flask application

<ClaimsProvider>
  <DisplayName>External Claims Source</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="GetUserClaimsFromAPI">
      <DisplayName>Get claims for user from external system.</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">http://localhost:5000/get_phone</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="AllowInsecureAuthInProduction">true</Item>
      </Metadata>
      <OutputClaims>
        <!-- Claims parsed from your REST API -->
        <OutputClaim ClaimTypeReferenceId="phoneNumber" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

I am not really sure how my application should send back the phone number.

I understand that I need to send POST with JSON body similar to:

{
	"phoneNumber": "+48123456789"
}

But I am not sure how to define an endpoint pointing back to Azure AD.

EDIT:
After some research I stumbled upon Azure Functions; should I integrate one endpoint using Azure Functions?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
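The request/response contract the RESTful provider uses, as an added example that is not part of the question or the answer: B2C POSTs the technical profile's InputClaims as a JSON object to ServiceUrl and reads the OutputClaims back from a flat JSON object in the response, so the Flask endpoint only has to answer the call it receives and no separate endpoint "pointing back" to Azure AD is needed. The handler below is written against the Python standard library so it runs without Flask; it assumes an objectId InputClaim (not in the posted profile) and a constructed in-memory phone lookup.

```python
import json
from wsgiref.simple_server import make_server

# Constructed stand-in for the real data store: B2C objectId -> phone number.
PHONE_DIRECTORY = {"11111111-2222-3333-4444-555555555555": "+48123456789"}


def get_phone_claims(input_claims):
    """Map the JSON body B2C POSTs (its InputClaims) to an (HTTP status, JSON body) pair.

    Success: 200 with a flat object whose keys equal the OutputClaim
    ClaimTypeReferenceIds (here 'phoneNumber'). Failure: B2C's documented
    error shape {version, status, userMessage} sent with a 4xx status, so the
    user journey shows userMessage instead of a generic error page.
    """
    if not isinstance(input_claims, dict):
        return 400, {"version": "1.0.0", "status": 400, "userMessage": "Request body must be a JSON object."}
    object_id = input_claims.get("objectId")  # assumed InputClaim; add it to the technical profile
    if not isinstance(object_id, str) or not object_id:
        return 409, {"version": "1.0.0", "status": 409, "userMessage": "Missing objectId claim."}
    phone = PHONE_DIRECTORY.get(object_id)
    if phone is None:
        return 409, {"version": "1.0.0", "status": 409, "userMessage": "No phone number on record for this user."}
    return 200, {"phoneNumber": str(phone)}  # claim values are returned as strings


def app(environ, start_response):
    """Minimal WSGI handler for POST /get_phone; a Flask route would wrap get_phone_claims the same way."""
    if environ.get("REQUEST_METHOD") != "POST" or environ.get("PATH_INFO") != "/get_phone":
        start_response("404 Not Found", [("Content-Type", "application/json")])
        return [b"{}"]
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = json.loads(environ["wsgi.input"].read(length) or b"{}")
    except (ValueError, TypeError):
        body = None  # malformed JSON falls through to the 400 branch above
    status, payload = get_phone_claims(body)
    reason = {200: "OK", 400: "Bad Request", 409: "Conflict"}[status]
    start_response(f"{status} {reason}", [("Content-Type", "application/json")])
    return [json.dumps(payload).encode()]


if __name__ == "__main__":
    # B2C calls out from Microsoft's network, so http://localhost:5000 is unreachable for it:
    # publish this behind a public HTTPS hostname (or a tunnel while testing). The posted profile
    # also uses AuthenticationType=None; in production use Basic, Bearer or ClientCertificate
    # so that only B2C can call the endpoint.
    make_server("0.0.0.0", 5000, app).serve_forever()
```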

1 answer

Navya 19,795 Reputation points Microsoft External Staff Moderator
    2024-06-04T07:07:00.4033333+00:00

    Hi @Michał Filipkowski

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to return a phone number claim to an Azure B2C Custom Policy ClaimsProvider. To get the phone number claim into your Azure B2C custom policy, please follow the steps below:

    1. Define a "Phone number" claim.
    2. Ask the user for their phone number.
    3. Persist the phone number to the user profile in the Azure AD B2C directory.
    4. Read the phone number claim from the Azure AD B2C directory on each sign-in.
    5. Return the phone number to your relying party application after sign-in or sign-up.

    Define a claim:

    Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.

    1. Search for the BuildingBlocks element. If the element doesn't exist, add it.
    2. Locate the ClaimsSchema element. If the element doesn't exist, add it.
    3. Add the phone number claim to the ClaimsSchema element.

    Add a claim to the user interface:

    Find the ClaimsProviders element. Add a new phone number ClaimsProvider. I hope you have completed the steps up to this point: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy#add-a-claim-to-the-user-interface

    Read and write a claim:

    Use PersistedClaims to write data to the user profile and OutputClaims to read data from the user profile within the respective Active Directory technical profiles.

    Include a claim in the token:

    To return the phone number claim back to the relying party application, add an output claim to the SocialAndLocalAccounts/SignUpOrSignIn.xml file. The output claim will be added into the token after a successful user journey and will be sent to the application.

    <RelyingParty>
      <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
      <TechnicalProfile Id="PolicyProfile">
        <DisplayName>PolicyProfile</DisplayName>
        <Protocol Name="OpenIdConnect" />
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="displayName" />
          <OutputClaim ClaimTypeReferenceId="givenName" />
          <OutputClaim ClaimTypeReferenceId="surname" />
          <OutputClaim ClaimTypeReferenceId="email" />
          <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
          <OutputClaim ClaimTypeReferenceId="identityProvider" />
          <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
          <OutputClaim ClaimTypeReferenceId="phoneNumber" DefaultValue="" />
        </OutputClaims>
        <SubjectNamingInfo ClaimType="sub" />
      </TechnicalProfile>
    </RelyingParty>

    Upload the policy files that you previously changed and test your updated custom policy. The token sent back to your application includes the phone number claim.

    For your reference, please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy

    The ClaimsTransformations element contains a list of claims transformation functions that can be used in user journeys as part of a custom policy. A claims transformation converts a given claim into another one. For ConvertPhoneNumberClaimToString, please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory-b2c/phone-number-claims-transformations#example-of-convertphonenumberclaimtostring

    Thanks,

    Navya.

    Hope this helps. Do let us know if you have any further queries.

