Is there a way to suggest the signup email in a custom policy? I have users that need to sign up only from invitational emails.
I saw in the docs (https://docs.microsoft.com/bs-latn-ba/azure/active-directory-b2c/direct-signin) that there is a way to suggest the login email in a custom policy Sign In by passing it as the login_hint parameter in the request and adding DefaultValue="{OIDC:LoginHint}" in the XML definition for the "SelfAsserted-LocalAccountSignin-Email" TechnicalProfile. This works for Sign In but fails when I try to use the same trick in the "LocalAccountSignUpWithLogonEmail" TechnicalProfile.
As @chris-padgett mentioned, you can create an invitation link.
The WingTip Games Application uses client_assertion to pass JSON to the User Journey, but this approach has been deprecated: see the B2C Documentation.
The recommended way is to pass JSON to the user journey using id_token_hint.
You can find more information in this GitHub repo: SignUp with email invitation.
- The application generates a sign-in invitation link (with an id_token_hint).
- User clicks on the link, that takes the user to Azure AD B2C policy.
- Azure AD B2C validates the input id_token_hint, asks the user to provide the password and user data (the email is read only).
- User clicks continue, Azure AD B2C creates the account, issues an access token, and redirects the user back to the application.
For a code example for invitations, see the Wingtip Games application, which generates an invitation link that contains:
- The e-mail address of the invited user
- An invitation expiration, and
- An HMAC-based signature
When the invitation link is opened, this application validates the HMAC-based signature and the invitation expiration and, if they are valid, then it redirects the invited user to an invitation policy.
This policy redirection contains a signed JWT with the email address of the invited user so that they must register with this email address.
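The invitation link described in this answer, as an added example that is not the Wingtip Games code: a standard-library Python sketch that issues a link carrying the invited e-mail, an expiry and an HMAC-SHA256 tag, and validates it before any redirect to the invitation policy. The secret, base URL and query parameter names are constructed for the example.

```python
import hmac
import hashlib
import time
from typing import Optional
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed secret for this example; a real deployment keeps it server-side only.
INVITE_SECRET = b"constructed-example-secret-do-not-reuse"


def _signing_input(email: str, expires: int) -> bytes:
    # Bind the tag to both the address and the expiry so neither can be
    # altered independently once the link has been issued.
    return f"{email.strip().lower()}|{expires}".encode()


def make_invitation_link(base_url: str, email: str, ttl_seconds: int = 24 * 3600,
                         now: Optional[int] = None) -> str:
    """Build a link with the invited address, an expiry and an HMAC-SHA256 tag."""
    issued = int(time.time()) if now is None else now
    expires = issued + ttl_seconds
    tag = hmac.new(INVITE_SECRET, _signing_input(email, expires), hashlib.sha256).hexdigest()
    return base_url + "?" + urlencode({"email": email, "exp": expires, "sig": tag})


def validate_invitation_link(link: str, now: Optional[int] = None) -> Optional[str]:
    """Return the invited e-mail if the link is genuine and unexpired, else None."""
    params = parse_qs(urlsplit(link).query)
    try:
        email = params["email"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return None
    expected = hmac.new(INVITE_SECRET, _signing_input(email, expires), hashlib.sha256).hexdigest()
    # Verify the tag first (constant-time compare), then the expiry.
    if not hmac.compare_digest(expected, sig):
        return None
    current = int(time.time()) if now is None else now
    if current >= expires:
        return None
    return email
```

Only the e-mail returned by a successful validation should be placed into the signed JWT (id_token_hint) handed to the invitation policy; building and signing that token is outside this sketch.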