Question
I'm using Azure AD B2C and we've been presented with a preference/requirement from our product team to allow users to sign up/in using either an email address OR a mobile phone number as the user id.
Currently the built in flows only allow email or username as the user id. There's strong evidence to suggest that we could create a custom policy to allow for mobile phone number, but what I need is the ability to sign up/in using either email address OR mobile phone number.
It seems like I'm not the only one requesting this functionality. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15334314-phone-number-sign-up?page=2&per_page=20
Just wondering if there's a way to achieve this using custom policies and, if so, any demos/links that explain how to do this...
[Edit] User journeys
Web app sign-up:
- User enters email or mobile
- MFA to email or mobile (whichever was entered)
- Authenticate code sent to user
- Set password.
- IDP done
- Back in app, might capture email or mobile (whichever was not captured in IDP) and update B2C via MS Graph API.
Native mobile app sign-up:
- User enters mobile
- MFA to mobile
- Authenticate code
- Set password.
- IDP done
- Back in app, might capture email and update B2C via MS Graph API
Web app sign-in:
- Sign in using either (mobile or email) and password.
Native mobile app sign-in:
- Sign in using mobile and password.
- Use refresh token most of the time instead of explicit sign-in.
Answer 1:
You are able to implement this with two custom policies:
- A sign-up or sign-in policy that allows sign-up for a local account using a phone number and sign-in for a local account using an e-mail address or a phone number.
- A linking policy that allows linking of an e-mail address to a local account that has been registered using a phone number.
I've published the following custom policy samples to this GitHub repository:
- phone_sign_up_any_sign_in: Sign-up for a local account using a phone number. The end user is prompted for verification of the phone number. An e-mail address can be linked to the local account using the email_linking policy. Sign-in for a local account using an e-mail address or a phone number. If the e-mail address hasn't been verified, then the end user is prompted for verification of the e-mail address. If the phone number hasn't been verified, then the end user is prompted for verification of the phone number.
- email_linking: Linking of an e-mail address to a local account that has been registered using a phone number. The end user is prompted for verification of the e-mail address.
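The linking step that the question's user journeys describe (the app captures the e-mail address after a phone-number sign-up and writes it to B2C through Microsoft Graph) is the app-side counterpart of the answer's email_linking policy, which does the same thing inside B2C. The following is an added Python example, not code from the question, the answer or the linked sample repository. It assumes the app already holds a Graph access token with permission to update users and knows the B2C user's object id; the tenant domain, object id and existing identity list are constructed sample data, and the HTTP call is replaced by a recording stand-in so the module runs offline.

```python
"""Link an e-mail sign-in name to a B2C local account created with a phone number.

Added example (not from the question, the answer or the linked repository).
Assumptions: the app has a Graph token with rights to update users and the
user's object id. RecordingGraphClient stands in for a real HTTP client so
this runs offline; replace its patch() with a requests/httpx PATCH for real use.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

GRAPH_USER_URL = "https://graph.microsoft.com/v1.0/users/{object_id}"

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
E164_RE = re.compile(r"^\+[1-9]\d{6,14}$")   # +<country code><subscriber number>

# Constructed sample data (not real tenant values).
TENANT = "contoso.onmicrosoft.com"
SAMPLE_USER_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_EXISTING = [
    {"signInType": "userPrincipalName", "issuer": TENANT,
     "issuerAssignedId": f"{SAMPLE_USER_ID}@{TENANT}"},
]


def classify_sign_in_name(value: str) -> str:
    """Return 'email' or 'phone' for what the user typed on the sign-in page,
    so the caller knows whether the verification code goes by e-mail or SMS."""
    value = value.strip()
    if EMAIL_RE.match(value):
        return "email"
    if E164_RE.match(re.sub(r"[\s().-]", "", value)):
        return "phone"
    raise ValueError(f"not an e-mail address or E.164 phone number: {value!r}")


def normalize_phone(value: str) -> str:
    """Strip spaces and punctuation; phone sign-in names are stored in E.164 form."""
    digits = re.sub(r"[\s().-]", "", value.strip())
    if not E164_RE.match(digits):
        raise ValueError(f"phone number must be E.164 with country code: {value!r}")
    return digits


def build_identities_patch(existing: List[Dict[str, str]], email: str,
                           tenant: str) -> Dict[str, List[Dict[str, str]]]:
    """Build the PATCH body that adds an emailAddress identity.

    Graph replaces the whole `identities` collection on PATCH, so every entry
    the user already has (the userPrincipalName one included) is sent back
    unchanged; sending only the new entry would strip the existing sign-in names.
    """
    if classify_sign_in_name(email) != "email":
        raise ValueError("identity to link must be an e-mail address")
    email = email.strip().lower()
    for ident in existing:
        if (ident.get("signInType") == "emailAddress"
                and ident.get("issuerAssignedId", "").lower() == email):
            raise ValueError("e-mail address is already linked to this account")
    new_identity = {"signInType": "emailAddress", "issuer": tenant,
                    "issuerAssignedId": email}
    return {"identities": [dict(i) for i in existing] + [new_identity]}


@dataclass
class RecordingGraphClient:
    """Stand-in for an HTTP client: records the request instead of sending it."""
    token: str
    calls: List[Dict] = field(default_factory=list)

    def patch(self, url: str, json: Dict) -> int:
        self.calls.append({"method": "PATCH", "url": url,
                           "headers": {"Authorization": f"Bearer {self.token}"},
                           "json": json})
        return 204   # Graph answers a successful user PATCH with 204 No Content


def link_email(client, object_id: str, existing: List[Dict[str, str]],
               email: str, tenant: str, email_verified: bool) -> int:
    """Write the new e-mail sign-in name to the user. Refuses unverified addresses:
    once linked, the address is a valid sign-in name for this account, so the
    app must have confirmed ownership (e.g. a code sent to it) before calling this."""
    if not email_verified:
        raise PermissionError("verify ownership of the e-mail address before linking it")
    body = build_identities_patch(existing, email, tenant)
    return client.patch(GRAPH_USER_URL.format(object_id=object_id), json=body)


if __name__ == "__main__":
    client = RecordingGraphClient(token="<graph access token>")
    status = link_email(client, SAMPLE_USER_ID, SAMPLE_EXISTING,
                        "Alice@Example.com", TENANT, email_verified=True)
    print(status, client.calls[0]["json"])
```

The `email_verified` gate is the point to keep: the answer's email_linking policy prompts the user to verify the e-mail address before it is attached to the account, and an app-side linking step needs the same check, otherwise any holder of a phone-number account could attach someone else's e-mail address and later sign in with it.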
Source: https://stackoverflow.com/questions/54453215/azure-ad-b2c-sign-up-in-using-email-or-mobile