Azure AD B2C Custom OTP Verification Unable to Add Send New Code Button/Link

Question

Azure AD B2C Custom OTP Verification Unable to Add Send New Code Button/Link

Evan Levy 20

I have an Azure AD B2C custom policy with email and phone SMS OTP verification for MFA purposes in which I am not using the out-of-the-box custom policy from Microsoft so that codes are sent automatically without a first screen to click the Send Code button to lessen number of clicks. This basically has split out the generate/send OTP step and the verify OTP step.

The issue is that I no longer have the "send a new code" link/button to request a new OTP code sent to email/phone after the initial one is sent. I have been unable to figure out a custom solution that will work. My goal is to add a resend code functionality to my split out steps for both email and phone verification rather than go back to the out-of-the-box solution.

Before splitting out the steps for email verification, I had a working JavaScript solution that would automatically click the send code button to get to the verification step and additionally skip the continue button step after verifying, but it was clunky and somewhat visible to the end user what was happening. I also need to keep this split step approach for the phone SMS OTP verification for other reasons and would like the email and phone verification to mirror each other for consistency.

I do not believe there is a way to repeat the current orchestration step (i.e., initially generate/send/verify otp > user clicks custom send new code link > skip verify otp validation technical profile and repeat the current orchestration step to generate/send/verify otp > once user clicks the verify code button to continue, run validation technical profile to verify otp and move to next orchestration step).

Any suggestions? Happy to provide more details as needed.

Accepted answer

1 additional answer

Your answer

Answer 1

Givary-MSFT 35,621 Microsoft Employee Moderator

@Evan Levy I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue: have an Azure AD B2C custom policy with email and phone SMS OTP verification for MFA purposes in which I am not using the out-of-the-box custom policy from Microsoft so that codes are sent automatically without a first screen to click the Send Code button to lessen number of clicks. This basically has split out the generate/send OTP step and the verify OTP step.

The issue is that I no longer have the "send a new code" link/button to request a new OTP code sent to email/phone after the initial one is sent. I have been unable to figure out a custom solution that will work. My goal is to add a resend code functionality to my split out steps for both email and phone verification rather than go back to the out-of-the-box solution.

Before splitting out the steps for email verification, I had a working JavaScript solution that would automatically click the send code button to get to the verification step and additionally skip the continue button step after verifying, but it was clunky and somewhat visible to the end user what was happening. I also need to keep this split step approach for the phone SMS OTP verification for other reasons and would like the email and phone verification to mirror each other for consistency.

I do not believe there is a way to repeat the current orchestration step (i.e., initially generate/send/verify otp > user clicks custom send new code link > skip verify otp validation technical profile and repeat the current orchestration step to generate/send/verify otp > once user clicks the verify code button to continue, run validation technical profile to verify otp and move to next orchestration step).

Resolved by @Evan Levy and below comment has the detailed steps which were followed.

If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Evan Levy 20

Hi Givary, thank you for your response. I have found a solution by creating a series of ValidationTechnicalProfiles within my verification technical profile for email that does the following:

Checks Resend OTP Limit (if a claim equals true for resending code)
Generate OTP (if a claim equals true for resending code)
Send OTP (if a claim equals true for resending code)
Force Stay On Page (if a claim equals true for resending code) - this one stops the next step from happening so a user can repeatedly send new codes. It uses an OutputClaimsTransformation to force a validation failure
Verify OTP

I included the ValidationTechnicalProfiles code snippet for reference below.

I have proven out this works, except if a user requests several codes - after 8 OTP generations B2C redirects back to the application with error. So I have been trying to configure a means of incrementing a claim each OTP generation and then use the first validation technical profile for checking resend OTP limit above to throw an error once the limit has been reached. I am struggling to get the integer claim to persist with the incremented value on each generation (i.e., the claim always is 0 or null for the different ways I have tried). I tried utilizing the claim transformation AdjustNumber method as well as a REST API call that does the incrementing. All my efforts result in the claim continuing to be 0 upon each code request (rather than 0 > 1 > 2, etc.). Any suggestions to get this working for my scenario would be appreciated.

<ValidationTechnicalProfiles>						
	<!-- Step 1: Optionally trigger check resend limit exceedance if the claim indicates a resend is requested -->
	<ValidationTechnicalProfile ReferenceId="REST-CheckResendOtpLimit" ContinueOnError="false">
		<Preconditions>
			<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
				<Value>triggerResendOtpCode</Value>
				<Value>True</Value>
				<Action>SkipThisValidationTechnicalProfile</Action>
			</Precondition>
		</Preconditions>
	</ValidationTechnicalProfile>
	
	<!-- Step 2: Optionally trigger generate OTP if the claim indicates a resend is requested -->
	<ValidationTechnicalProfile ReferenceId="GenerateOtp" ContinueOnError="true">
		<Preconditions>
			<!-- Skip this if isResendEmailVerification is not true -->
			<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
				<Value>triggerResendOtpCode</Value>
				<Value>True</Value>
				<Action>SkipThisValidationTechnicalProfile</Action>
			</Precondition>
		</Preconditions>
	</ValidationTechnicalProfile>
	
	<!-- Step 3: Optionally trigger send OTP if the claim indicates a resend is requested -->
	<ValidationTechnicalProfile ReferenceId="SendOtp" ContinueOnError="true">
		<Preconditions>
			<!-- Skip this if isResendEmailVerification is not true -->
			<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
				<Value>triggerResendOtpCode</Value>
				<Value>True</Value>
				<Action>SkipThisValidationTechnicalProfile</Action>
			</Precondition>
		</Preconditions>
	</ValidationTechnicalProfile>

	<!-- Step 4: Optionally trigger force failure to stay on page if the claim indicates a resend is requested -->
	<ValidationTechnicalProfile ReferenceId="ForceStayOnPage">
		<Preconditions>
			<!-- Only fail validation if triggerResendOtpCode is True -->
			<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
				<Value>triggerResendOtpCode</Value>
				<Value>True</Value>
				<Action>SkipThisValidationTechnicalProfile</Action>
			</Precondition>
		</Preconditions>
	</ValidationTechnicalProfile>

	<!-- Step 5: Validate the OTP -->
	<ValidationTechnicalProfile ReferenceId="VerifyOtp" ContinueOnError="false">
		<Preconditions>
			<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
				<Value>extension_IsResetMfa</Value>
				<Value>False</Value>
				<Action>SkipThisValidationTechnicalProfile</Action>
			</Precondition>
		</Preconditions>
	</ValidationTechnicalProfile>
</ValidationTechnicalProfiles>

Chetan Patil 0 Reputation points

2025-01-07T13:35:42.55+00:00
Hello Evan Levy,

Thanks for your solution.

I also trying implement same thing and facing some challenges, below are the details please check and let me know if you have any solution.

How we can add Resend custom link or button and call Technical Profile on custom button click.

How did you set value to triggerResendOtpCode and extension_IsResetMfa variable

Technical Profile - ForceStayOnPage

Kindly share code changes, it would be really helpful for me.

Answer 2

Hi @Evan Levy

Thank you for posting this in Microsoft Q&A.

I understand you have an Azure AD B2C custom policy with email and phone SMS OTP verification for MFA purposes, and you have split out the generate/send OTP step and the verify OTP step. However, you are facing an issue where you no longer have the "send a new code" link/button to request a new OTP code sent to email/phone after the initial one is sent. You are looking for a custom solution to add a resend code functionality to your split out steps for both email and phone verification.

One possible solution is to create a new orchestration step that generates and sends a new OTP code, and then redirects the user back to the verification step. You can then add a custom link or button on the verification page that triggers this new orchestration step.

To implement this solution, you can follow these steps:

Create a new orchestration step that generates and sends a new OTP code. You can use the same technical profile that you are currently using to generate and send the initial OTP code.
Add a new claims transformation that sets a flag indicating that a new OTP code has been sent. You can use a boolean claim type for this flag.
Modify the verification orchestration step to check for the flag indicating that a new OTP code has been sent. If the flag is set, skip the validation technical profile and redirect the user back to the new orchestration step to generate and send a new OTP code.
Add a custom link or button on the verification page that triggers the new orchestration step to generate and send a new OTP code. You can use JavaScript to set the flag indicating that a new OTP code has been sent and then submit the form to trigger the new orchestration step.

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

Azure AD B2C Custom OTP Verification Unable to Add Send New Code Button/Link

1 additional answer

Your answer