0

I am trying to customize the password reset page in Azure B2C. I followed the documentation of Microsoft: https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-custom-policy

everything looks ok, but after opening the page with run now in custom policy the custom page is showing without the fields from the API. empty api

for test I set this custom page in the userflow, and over there the page is showing with the input fields. So it looks like there is something wrong in the custom policy, but everything looks ok I guess.

  <ContentDefinition Id="api.localaccountpasswordreset">
    <LoadUri>https://company.blob.core.windows.net/azure-b2c/custom-selfAsserted.html</LoadUri>
    <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
    <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
    <Metadata>
      <Item Key="DisplayName">Local account change password page</Item>
    </Metadata>
  </ContentDefinition>

Does someone have a suggestion why the API fields aren't showing up?

Custom policy of Sendgrid extensions:

<?xml version="1.0" encoding="utf-8" ?>
<TrustFrameworkPolicy 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" 
  PolicySchemaVersion="0.3.0.0" 
  TenantId="tenant.onmicrosoft.com" 
  PolicyId="B2C_1A_SendGrid_Extensions" 
  PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
  
  <BasePolicy>
    <TenantId>tenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
  </BasePolicy>
 <BuildingBlocks>
    <ClaimsSchema>
        <ClaimType Id="Otp">
            <DisplayName>Secondary One-time password</DisplayName>
            <DataType>string</DataType>
        </ClaimType>
        <ClaimType Id="emailRequestBody">
            <DisplayName>SendGrid request body</DisplayName>
            <DataType>string</DataType>
        </ClaimType>
        <ClaimType Id="VerificationCode">
            <DisplayName>Secondary Verification Code</DisplayName>
            <DataType>string</DataType>
            <UserHelpText>Enter your email verification code</UserHelpText>
            <UserInputType>TextBox</UserInputType>
        </ClaimType>
    </ClaimsSchema>

    <ClaimsTransformations>
        <ClaimsTransformation Id="GenerateEmailRequestBody" TransformationMethod="GenerateJson">
        <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
            <InputClaim ClaimTypeReferenceId="otp" TransformationClaimType="personalizations.0.dynamic_template_data.otp" />
            <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.email" />
        </InputClaims>
        <InputParameters>
            <!-- Update the template_id value with the ID of your SendGrid template. -->
            <InputParameter Id="template_id" DataType="string" Value="d-8d30a9a4de9a4a82cd6b1"/>
            <InputParameter Id="from.email" DataType="string" Value="email@domain.com"/>
            <!-- Update with a subject line appropriate for your organization. -->
            <InputParameter Id="personalizations.0.dynamic_template_data.subject" DataType="string" Value="Email verification"/>
        </InputParameters>
        <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="emailRequestBody" TransformationClaimType="outputClaim"/>
        </OutputClaims>
        </ClaimsTransformation>
    </ClaimsTransformations>

    <ContentDefinitions>
    <ContentDefinition Id="api.localaccountsignup">
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
    </ContentDefinition>
    <ContentDefinition Id="api.localaccountpasswordreset">
     <LoadUri>https://b2cstorage.blob.core.windows.net/azure-b2c/custom-selfAsserted.html</LoadUri>
     <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
     <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Local account change password page</Item>
        </Metadata>
      </ContentDefinition>
    </ContentDefinitions>

    <DisplayControls>
        <DisplayControl Id="emailVerificationControl" UserInterfaceControlType="VerificationControl">
            <DisplayClaims>
            <DisplayClaim ClaimTypeReferenceId="email" Required="true" />
            <DisplayClaim ClaimTypeReferenceId="verificationCode" ControlClaimType="VerificationCode" Required="true" />
            </DisplayClaims>
            <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="email" />
            </OutputClaims>
            <Actions>
            <Action Id="SendCode">
                <ValidationClaimsExchange>
                <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="GenerateOtp" />
                <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="SendOtp" />
                </ValidationClaimsExchange>
            </Action>
            <Action Id="VerifyCode">
                <ValidationClaimsExchange>
                <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="VerifyOtp" />
                </ValidationClaimsExchange>
            </Action>
            </Actions>
        </DisplayControl>
    </DisplayControls>
  </BuildingBlocks>

  <ClaimsProviders>

    <ClaimsProvider>
      <DisplayName>Local Account SignIn</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="login-NonInteractive">
          <Metadata>
            <Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item>
            <Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item>
          </Metadata>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="ProxyIdentityExperienceFrameworkAppId" />
            <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppId" />
          </InputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

    <ClaimsProvider>
  <DisplayName>One time password technical profiles</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="GenerateOtp">
      <DisplayName>Generate one time password</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="Operation">GenerateCode</Item>
        <Item Key="CodeExpirationInSeconds">1200</Item>
        <Item Key="CodeLength">6</Item>
        <Item Key="CharacterSet">0-9</Item>
        <Item Key="ReuseSameCode">true</Item>
        <Item Key="MaxNumAttempts">5</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otp" PartnerClaimType="otpGenerated" />
      </OutputClaims>
    </TechnicalProfile>

    <TechnicalProfile Id="VerifyOtp">
      <DisplayName>Verify one time password</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="Operation">VerifyCode</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />
        <InputClaim ClaimTypeReferenceId="verificationCode" PartnerClaimType="otpToVerify" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
    </ClaimsProvider>

    <ClaimsProvider>
  <DisplayName>RestfulProvider</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SendOtp">
      <DisplayName>Use SendGrid's email API to send the code the the user</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://api.sendgrid.com/v3/mail/send</Item>
        <Item Key="AuthenticationType">Bearer</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="ClaimUsedForRequestPayload">emailRequestBody</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="BearerAuthenticationToken" StorageReferenceId="B2C_1A_SendGridSecret" />
      </CryptographicKeys>
      <InputClaimsTransformations>
        <InputClaimsTransformation ReferenceId="GenerateEmailRequestBody" />
      </InputClaimsTransformations>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="emailRequestBody" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
      <Metadata>
        <!--OTP validation error messages-->
        <Item Key="UserMessageIfSessionDoesNotExist">You have exceeded the maximum time allowed.</Item>
        <Item Key="UserMessageIfMaxRetryAttempted">You have exceeded the number of retries allowed.</Item>
        <Item Key="UserMessageIfInvalidCode">You have entered the wrong code.</Item>
        <Item Key="UserMessageIfSessionConflict">Cannot verify the code, please try again later.</Item>
      </Metadata>
      <DisplayClaims>
        <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
        <DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="surName" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
      </DisplayClaims>
    </TechnicalProfile>
    <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
      <Metadata>
        <!--OTP validation error messages-->
        <Item Key="UserMessageIfSessionDoesNotExist">You have exceeded the maximum time allowed.</Item>
        <Item Key="UserMessageIfMaxRetryAttempted">You have exceeded the number of retries allowed.</Item>
        <Item Key="UserMessageIfInvalidCode">You have entered the wrong code.</Item>
        <Item Key="UserMessageIfSessionConflict">Cannot verify the code, please try again later.</Item>
      </Metadata>
      <DisplayClaims>
        <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
      </DisplayClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

  </ClaimsProviders>

    <!--UserJourneys>
    
    </UserJourneys-->

</TrustFrameworkPolicy>

the is urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0

which may conflict with the template. I also played around with this section, but no success.

Jason Aller
  • 3,541
  • 28
  • 38
  • 38
Real-One
  • 1
  • 1
  • If we could see the HTML you put in the loadURI, that would help. – Jas Suri - MSFT Mar 22 '21 at 23:35
  • @Real-One, can you try updating the value of the DataUri element to "urn:com:microsoft:aad:b2c:elements:selfasserted:1.2.0" or above. Secondly if your custom html page is using is using javascript, make sure you update the element with the following "urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.2.0" and also check this this page to make sure all the elements are updated as per the doc: https://learn.microsoft.com/en-us/azure/active-directory-b2c/javascript-and-page-layout?pivots=b2c-custom-policy#select-a-page-layout-version – SouravMishra-MSFT Mar 23 '21 at 06:56
  • @SouravMishra-MSFT i edited my post, i was forgotten to tell i also using the Sendgrid API integration – Real-One Mar 23 '21 at 09:35

0 Answers0