how to get login_hint working with social IDP using custom policy

问题

We are using custom SignIn/SigUp Policy, configured Facebook, LinkedIn, Twitter, Google+ as Social IDP's.

We have built a custom page where we ask the user for their email and then redirect them to the particular IDP page (we have logic built around this) using domain_hint, for example: domain_hint=facebook.com.

I want to pass the email address entered by the user in the first step in login_hint along with domain_hint so that the user doesn't have to enter the email once again when redirected to the IDP Page (Facebook.com).

I took the code from the AD B2C documentation for IDP's and added as below in claims provider for Facebook, Linkedin, Twitter etc. which is not working

<InputClaims>
    <InputClaim ClaimTypeReferenceId="logonIdentifier" PartnerClaimType="login_hint" DefaultValue="{OIDC:LoginHint}" />
</InputClaims>
<OutputClaims>
    <OutputClaim ClaimTypeReferenceId="logonIdentifier" Required="true" />
</OutputClaims>

Is there a way/option to achieve this?

回答1:

For the above identity providers, Google is the only one that supports a login hint, so if you add the domain_hint and login_hint parameters to the Azure AD B2C request:

https://login.microsoftonline.com/te/<tenant>/<policy>/oauth2/v2.0/authorize?...&domain_hint=google.com&login_hint=someone@somewhere.com

then you can pass the "login_hint" parameter through from Azure AD B2C to the Google endpoint as follows:

1) Create a "loginHint" claim type:

<ClaimType Id="loginHint">
  <DisplayName>Login Hint</DisplayName>
  <DataType>string</DataType>
</ClaimType>

2) Add the "loginHint" input claim to the Google technical profile:

<ClaimsProvider>
  <Domain>google.com</Domain>
  <DisplayName>Google Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="GoogleAccount-OAuth2">
      <DisplayName>Google Account</DisplayName>
      <Protocol Name="OAuth2" />
      ...
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="loginHint" PartnerClaimType="login_hint" DefaultValue="{OIDC:LoginHint}" />
      </InputClaims>
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

回答2:

See this PDF: Targeting a sign-in user or domain name using login and domain hint

Using Login hint in custom policy.

To prepopulate the sign-in name, in your custom policy, override the SelfAsserted-LocalAccountSignin-Email technical profile. In the section, you set the signInName's claim's DefaultValue to {OIDC:LoginHint}. The {OIDC:LoginHint} variable contains the value of the login_hint parameter. Azure AD B2C reads the signInName input claim's value, and pre-populates the signInName textbox

来源：https://stackoverflow.com/questions/49456133/how-to-get-login-hint-working-with-social-idp-using-custom-policy