Populate the email address text box in Azure AD B2C Orchestration


Problem description

I am using custom policies to do some User Journeys and using SocialAndLocalAccountsWithMfa. In one of the steps I am asking the user for their email address.

I am using "LocalAccountDiscoveryUsingEmailAddress" to get their email address on the first screen. Then, depending on whether they are registered for MFA, they are sent to the mobile OTP screen or to the email address OTP screen.

Now what happens is that after they enter their email address and press OK (and they are sent to the email OTP screen), they are presented with another screen where they have to enter their email address again to verify it. I am looking for two possibilities here:

1) (Preferred) They are immediately sent an email OTP, so they don't have to type their email address and then click on "Verify email" to send the OTP.

2) Their email address is already populated on the screen, so they don't have to type it again and all they have to do is click on the "Verify Email" button.

My UserJourney for this looks something like:

    <UserJourney Id="PasswordReset">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="PasswordResetUsingEmailAddress" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>strongAuthenticationPhoneNumber</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>           
          </Preconditions>  
          <ClaimsExchanges>
            <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddressOTP" />
          </ClaimsExchanges>
        </OrchestrationStep>        
        <OrchestrationStep Order="3" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>strongAuthenticationPhoneNumber</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>           
          </Preconditions>  
          <ClaimsExchanges>
            <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="4" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="5" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb" />
    </UserJourney>

Recommended answer

Firstly, for #2, you can implement a technical profile that accepts the email address as an input claim so that it is pre-filled in the self-asserted page, such as:

<TechnicalProfile Id="SelfAsserted-LocalAccount-EmailVerification">
  <DisplayName>Local Account Email Address Verification</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccount.emailverification</Item>
    <Item Key="EnforceEmailVerification">true</Item>
  </Metadata>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateReadonlyEmailClaim" />
  </InputClaimsTransformations>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="readonlyEmail" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="readonlyEmail" PartnerClaimType="verified.email" Required="true" />
  </OutputClaims>
</TechnicalProfile>

This technical profile is referring to a read-only email address so that the end user can't change the email address for the OTP verification.

The CreateReadonlyEmailClaim claims transformation is defined as:

<ClaimsTransformation Id="CreateReadonlyEmailClaim" TransformationMethod="FormatStringClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="stringFormat" DataType="string" Value="{0}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="readonlyEmail" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

The readonlyEmail claim type is declared as:

<ClaimType Id="readonlyEmail">
  <DisplayName>E-mail Address</DisplayName>
  <DataType>string</DataType>
  <UserInputType>Readonly</UserInputType>
</ClaimType>

For #1, you can implement the above changes as well as implement a JavaScript function in a custom page UI to "click" the Verify Email button to initiate the OTP verification.
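
Added example, not part of the original answer: a small Python check that a policy file keeps the property the answer relies on, namely that the address being OTP-verified is a Readonly claim pre-filled from an input claim. The sample policy is constructed for illustration; the `Editable-EmailVerification` profile and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's claim type and technical profile, plus a
# hypothetical profile that verifies the editable "email" claim instead.
SAMPLE_POLICY = """<TrustFrameworkPolicy>
  <ClaimsSchema>
    <ClaimType Id="email"><DataType>string</DataType><UserInputType>TextBox</UserInputType></ClaimType>
    <ClaimType Id="readonlyEmail"><DataType>string</DataType><UserInputType>Readonly</UserInputType></ClaimType>
  </ClaimsSchema>
  <TechnicalProfile Id="SelfAsserted-LocalAccount-EmailVerification">
    <InputClaims><InputClaim ClaimTypeReferenceId="readonlyEmail" /></InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="readonlyEmail" PartnerClaimType="verified.email" Required="true" />
    </OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="Editable-EmailVerification">
    <InputClaims><InputClaim ClaimTypeReferenceId="email" /></InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" />
    </OutputClaims>
  </TechnicalProfile>
</TrustFrameworkPolicy>"""

def local(tag):
    """Drop an XML namespace prefix such as '{ns}ClaimType'."""
    return tag.rsplit("}", 1)[-1]

def audit_email_verification(policy_xml):
    """Return {profile_id: [problems]} for profiles that output a verified e-mail."""
    root = ET.fromstring(policy_xml)
    input_types = {}
    for el in root.iter():
        if local(el.tag) == "ClaimType":
            kind = next((c.text for c in el if local(c.tag) == "UserInputType"), None)
            input_types[el.get("Id")] = kind
    report = {}
    for tp in root.iter():
        if local(tp.tag) != "TechnicalProfile":
            continue
        inputs = {c.get("ClaimTypeReferenceId") for c in tp.iter() if local(c.tag) == "InputClaim"}
        for out in tp.iter():
            if local(out.tag) != "OutputClaim":
                continue
            if (out.get("PartnerClaimType") or "").lower() != "verified.email":
                continue
            claim, problems = out.get("ClaimTypeReferenceId"), []
            if input_types.get(claim) != "Readonly":
                problems.append("user can edit the address being verified")
            if claim not in inputs:
                problems.append("address is not pre-filled from an input claim")
            report.setdefault(tp.get("Id"), []).extend(problems)
    return report
```

An empty problem list means the OTP can only go to the address collected in the earlier discovery step; a profile flagged here is acceptable as the first step of a journey but not as the follow-up verification step.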
