Azure AD B2C custom policies - prefill username from sign-in screen to password reset user journey - Stack Overflow

I have a requirement to enhance the user where I want to prefill the username in the password reset flow when the user clicks the Forgot password option.

I am using custom policies where the user enters the username and is taken to a screen where the user can enter the password. On the same screen we have a 'Forgot password' option.

When the user clicks the Forgot password option, the custom policies present an option to enter the username to receive a verification code.

Here, I want the username to be prefilled from the previous screen where the user had entered the username.

I tried to set it user reference claims in the 'LocalAccountDiscoveryUsingEmailAddress' technical profile, but it does not seem to be working.

In the above image the user has the username entered and chose the 'Forgot or reset your password' option, so it presented the user with an option to enter the username/email (right screen) but did not prefill the username/email from the earlier screen.

My password reset user journey looks like this:

<UserJourney Id="PasswordReset">
    <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange">
            <ClaimsExchanges>
                <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
            </ClaimsExchanges>
        </OrchestrationStep>
        
        <OrchestrationStep Order="2" Type="ClaimsExchange">
            <Preconditions>
                <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
                    <Value>objectId</Value>
                    <Action>SkipThisOrchestrationStep</Action>
                </Precondition>
            </Preconditions>
            <ClaimsExchanges>
                <ClaimsExchange Id="SelfAssertedRegError" TechnicalProfileReferenceId="SelfAsserted-RegError" />
            </ClaimsExchanges>
        </OrchestrationStep>
        
        <OrchestrationStep Order="3" Type="ClaimsExchange">
            <ClaimsExchanges>
                <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
            </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
    <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>

And my LocalAccountDiscoveryUsingEmailAddress technical profile looks like this:

<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
    <DisplayName>Reset password using email address</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
        <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
    </Metadata>
    <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
    </CryptographicKeys>
    <IncludeInSso>false</IncludeInSso>
    <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInName" />
    </InputClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true"/>
        <OutputClaim ClaimTypeReferenceId="objectId" />
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
        <OutputClaim ClaimTypeReferenceId="accountEnabled" />
    </OutputClaims>
    <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
    </ValidationTechnicalProfiles>
</TechnicalProfile>

I am not sure what exactly I am missing, or if it's not even possible since both are separate user journeys. My technical profile used in the sign-in flow looks like this:

<TechnicalProfile Id="SelfAsserted-EmailOrUsernameCollect">
    <DisplayName>Email/Username</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
        <Item Key="setting.operatingMode">Username</Item>
        <Item Key="ContentDefinitionReferenceId">api.selfasserted.profileupdate</Item>
        <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
    </Metadata>
    <IncludeInSso>false</IncludeInSso>
    <InputClaims>
        <InputClaim ClaimTypeReferenceId="signInName" AlwaysUseDefaultValue="true" DefaultValue="{OIDC:LoginHint}" />
        <InputClaim ClaimTypeReferenceId="contextIPAddress" AlwaysUseDefaultValue="true" DefaultValue="{Context:IPAddress}" />
    </InputClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="signInName" />
        <OutputClaim ClaimTypeReferenceId="contextIPAddress" />
    </OutputClaims>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
