Triggering email verification

问题

I am using custom policies.

The user journey desired is:

User enters the email/password on screen 1.
On successful validation of screen 1, the user is sent to screen 2. In screen 2 user has to enter a code sent to their email. (Note the user has already verified the email during sign up)

I am stuck at getting 2 to work. The current policy looks like this: Step 1 outputs email claim.

Step 2 takes the email claim as input.

In step 2 an editable text box with email prefilled is presented. No code is asked for. However, if the email is edited a code is asked for.

<TechnicalProfile Id="VerifyEmailAddress">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="Verified.Email" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

回答1:

Yeah that caused me lots of trouble,

I basically use a claims transformation to do it

<InputClaimsTransformations>
   <InputClaimsTransformation ReferenceId="CopyClaimToreadOnly" />
</InputClaimsTransformations>
<InputClaims>
 <InputClaim ClaimTypeReferenceId="myAlreadyPopulatedClaim" />
 <InputClaim ClaimTypeReferenceId="myAlreadyPopulatedClaim-Readonly" />
</InputClaims>
<OutputClaims>
   <OutputClaim ClaimTypeReferenceId="myAlreadyPopulatedClaim-Readonly" 
PartnerClaimType="Verified.Email" />
 </OutputClaims>

The control isnt smart enough to realize that you populated the claim and you still want to do verification, it expects email entry and verification to be performed on the same page, when you split it you must do this claim copying

Hope this helps

来源：https://stackoverflow.com/questions/44351072/triggering-email-verification

标签

azure-ad-b2c

identity-experience-framework