I have created an Azure AD B2C tenant and configured local account with username as the login method. I created a signup policy and did a signup through Azure AD B2C signup screen. In the signup screen, I entered an email address and Azure AD B2C sent an email for validation. Once signup succeeded, I was trying to get the signed up user's details through the Graph API.
Graph API URL used to retrieve user details:
https://graph.windows.net/<tenantid>/users?api-version=1.6
I was able to get all other information of the new user like username, first name, last name, etc., except the email address entered by the user during email validation.
Please let me know if there is any way or configuration available to get email address through the Graph API.
In the case where users sign in with username + email validation, there is no way to retrieve the email used.
Here are all the cases pertaining to email in Azure AD B2C and where they are stored.
- Local account with email-based sign in: Email is available via the signInNames property
- Local account with username-based sign in + email verification: Email is not available anywhere.
- Social IdPs via built-in policies: Email, if available from the IdP, is available via the otherMails property.
Other considerations:
- The email used for MFA & password reset is not available anywhere either (this is really the same case as local account with username-based sign in + email verification).
- You can prompt the user for their email in your sign up policy's "Sign-up attributes".
- With custom policies and custom IdPs, it's really up to you whether you want to retrieve the email, where to retrieve it from and where you store it.
You can always request the email be made available for your scenario or any other asks via the Azure AD B2C feedback forum.
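As an added example (not from the answer above or from Microsoft's documentation), here is a small Python helper that reads a Graph API v1.6 users response and picks the email from whichever property the answer says holds it, returning None for the username + email-verification case rather than guessing. The JSON payload is a constructed sample shaped like the v1.6 users response, not real tenant data.

```python
import json
from typing import Optional

# Constructed sample response, shaped like the Azure AD Graph API v1.6
# "users" payload the question queries. Not real tenant data.
SAMPLE_USERS_JSON = """
{
  "value": [
    {
      "objectId": "00000000-0000-0000-0000-000000000001",
      "signInNames": [{"type": "emailAddress", "value": "alice@example.com"}],
      "otherMails": []
    },
    {
      "objectId": "00000000-0000-0000-0000-000000000002",
      "signInNames": [{"type": "userName", "value": "bob"}],
      "otherMails": []
    },
    {
      "objectId": "00000000-0000-0000-0000-000000000003",
      "signInNames": [],
      "otherMails": ["carol@example.com"]
    }
  ]
}
"""

def email_for_user(user: dict) -> Optional[str]:
    """Return the email B2C stores for this user, or None.
    Per the answer above: email-based local accounts keep it in signInNames
    (type "emailAddress"), social IdP accounts in otherMails, username-based
    local accounts nowhere, so None is returned rather than a guess.
    """
    for name in user.get("signInNames") or []:
        if name.get("type", "").lower() == "emailaddress" and name.get("value"):
            return name["value"]
    for mail in user.get("otherMails") or []:
        if mail:
            return mail
    return None

def emails_by_object_id(payload_json: str) -> dict:
    """Map each user's objectId to its stored email (None when B2C has none)."""
    payload = json.loads(payload_json)
    return {u["objectId"]: email_for_user(u) for u in payload.get("value", [])}

if __name__ == "__main__":
    for oid, mail in emails_by_object_id(SAMPLE_USERS_JSON).items():
        print(oid, "->", mail if mail else "(no email stored in B2C)")
```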