Skip to content

Instantly share code, notes, and snippets.

@rbrayb

rbrayb/CreateUser.json

Last active November 19, 2023 19:38
Show Gist options
  • Save rbrayb/cf7e787d408d606ffd97626f60364ae7 to your computer and use it in GitHub Desktop.
Save rbrayb/cf7e787d408d606ffd97626f60364ae7 to your computer and use it in GitHub Desktop.
Download ZIP
Reading a user record in Azure AD B2C via a phone number
Raw
CreateUser.json
{
"accountEnabled": true,
"displayName": "Read Phone",
"givenName": "Read",
"surname": "Phone",
"mailNickname": "Phone-Read",
"userPrincipalName": "[email protected]",
"passwordProfile": {
"forceChangePasswordNextSignIn": false,
"password": "xWwuiasduidWH-d"
},
"passwordPolicies": "DisablePasswordExpiration",
"identities": [
{
"signInType": "emailAddress",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "[email protected]"
},
{
"signInType": "phoneNumber",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "+64271234567"
}
]
}
Raw
Read-Phone.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_Read_PhoneNumber" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Read_PhoneNumber"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
>
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId>
</BasePolicy>
<BuildingBlocks>
<ClaimsSchema>
<ClaimType Id="countryCode">
<DisplayName>Country Code</DisplayName>
<DataType>string</DataType>
<UserHelpText>Phone Number</UserHelpText>
<UserInputType>DropdownSingleSelect</UserInputType>
<Restriction>
<Enumeration Text="New Zealand(+64)" Value="NZ" SelectByDefault="true"/>
<Enumeration Text="Albania(+355)" Value="AL"/>
</Restriction>
</ClaimType>
<ClaimType Id="phoneNumber">
<DisplayName>Phone number</DisplayName>
<DataType>string</DataType>
<UserInputType>TextBox</UserInputType>
<Restriction>
<Pattern RegularExpression="^[1-9][0-9]{0,9}$" HelpText="Please enter a valid phone number."/>
</Restriction>
</ClaimType>
<ClaimType Id="signInNames.phoneNumber">
<DataType>phoneNumber</DataType>
</ClaimType>
</ClaimsSchema>
<ClaimsTransformations>
<ClaimsTransformation Id="ConvertStringToPhoneNumber" TransformationMethod="ConvertStringToPhoneNumberClaim">
<InputClaims>
<InputClaim ClaimTypeReferenceId="countryCode" TransformationClaimType="country"/>
<InputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="phoneNumberString"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber" TransformationClaimType="outputClaim"/>
</OutputClaims>
</ClaimsTransformation>
</ClaimsTransformations>
<ContentDefinitions>
<ContentDefinition Id="newPhoneNumber">
<LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.1</DataUri>
<Metadata>
<Item Key="DisplayName">Verify new phone number</Item>
</Metadata>
</ContentDefinition>
</ContentDefinitions>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<Domain>Test.com</Domain>
<DisplayName>Test</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="ObtainPhoneNumber">
<DisplayName>Phone</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<Metadata>
<Item Key="ContentDefinitionReferenceId">newPhoneNumber</Item>
<Item Key="UserMessageIfClaimsTransformationInvalidPhoneNumber">Please enter a valid phone number and country code.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="countryCode"/>
<InputClaim ClaimTypeReferenceId="phoneNumber"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="countryCode"/>
<OutputClaim ClaimTypeReferenceId="phoneNumber"/>
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="CombineCountryCodeAndNationalNumber"/>
</ValidationTechnicalProfiles>
</TechnicalProfile>
<TechnicalProfile Id="CombineCountryCodeAndNationalNumber">
<DisplayName>Combine country code and national number</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="ConvertStringToPhoneNumber"/>
</InputClaimsTransformations>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserReadUsingPhoneNumber">
<Metadata>
<Item Key="Operation">Read</Item>
<Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">false</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">Error - that phone number doesn't exist.</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId"/>
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
<OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
<!-- Optional claims -->
<OutputClaim ClaimTypeReferenceId="displayName"/>
</OutputClaims>
<IncludeTechnicalProfile ReferenceId="AAD-Common"/>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
<UserJourney Id="SignIn-PhoneNumber">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="ObtainPhoneNumber" TechnicalProfileReferenceId="ObtainPhoneNumber"/>
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="UserReadUsingPhoneNumber" TechnicalProfileReferenceId="AAD-UserReadUsingPhoneNumber"/>
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb"/>
</UserJourney>
</UserJourneys>
<RelyingParty>
<DefaultUserJourney ReferenceId="SignIn-PhoneNumber"/>
<UserJourneyBehaviors>
<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="410...5d0" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/>
</UserJourneyBehaviors>
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect"/>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName"/>
<OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
<OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/>
</OutputClaims>
<SubjectNamingInfo ClaimType="sub"/>
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
@rbrayb
Copy link
Author

rbrayb commented Nov 19, 2023

https://medium.com/the-new-control-plane/reading-a-user-record-in-azure-ad-b2c-via-a-phone-number-7cce9157509b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment