0

I have implemented the custom-mfa-totp sample. I have defined a custom policy which allows resetting the QR code. Everything works fine.

Now I need to, let's say, connect the two policies. Let's assume the following scenario:

  • User signs up to my B2C
  • User signs in; they have to install the authenticator app in order to get the verification code
  • User is signed in
  • A month later the user has to reinstall the app (for an unknown reason). If they go to the login, a verification code is requested:

[screenshot]

My idea is to add a sort of link in order to open the other policy to reset the QR code. In the documentation I have seen that it is possible to add Actions, but I have not been able to figure out how. Any hint?

I already added it:

[screenshot]

But in order to redirect in the right way, I need the parameters from the previous page, such as `client_id` and `redirect_uri`.

Emaborsa

2 Answers

1

Assuming you already know how to customize the UI, you can add ContentDefinitionParameters to your Relying Party policy to pass params to your HTML template. You can use claim resolvers to get the client_id and redirect_uri:

<ContentDefinitionParameters>
    <Parameter Name="client_id">{OIDC:ClientId}</Parameter>
    <Parameter Name="redirect_uri">{OIDC:RedirectUri}</Parameter>
</ContentDefinitionParameters>

These values can be accessed via JavaScript by parsing the query string from SETTINGS.remoteResource. The SETTINGS object is injected into your HTML template when the corresponding content definition is loaded by the Identity Experience Framework. Do note that the SETTINGS object is part of the internal API and may change between page layout versions.

Now that you have the client_id and redirect_uri, you can generate a link to another policy using JavaScript, although including the original nonce in the policy redirect would probably be a good idea as well.

Daniel Krasnove
  • I added the params using claim resolvers. I did not find the `SETTINGS` variable you mentioned, but I got the parameters in the URL, in the `diags` parameter. Thanks! – Emaborsa May 03 '21 at 19:57
  • @Emaborsa I am on page layout version 2.1.2 and for me the `SETTINGS` object is available in the global scope. You should be able to see it by just typing `SETTINGS` from the browser console. – Daniel Krasnove May 03 '21 at 22:20
  • ...I found it, but there is no redirectUrl nor clientId. – Emaborsa May 04 '21 at 05:53
  • There should be a remoteResource property attached to the `SETTINGS` object. The reason why I wouldn't necessarily rely on the `diags` query param is because it looks to me like a kind of diagnostic artifact so I wouldn't trust it to remain consistent across environments. Just guessing though, I don't know how it works exactly. – Daniel Krasnove May 04 '21 at 16:37
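The page-side approach from this answer, as an added example (not code from the answer, the B2C samples, or the custom-mfa-totp sample): read `client_id` and `redirect_uri` out of the query string of `SETTINGS.remoteResource`, then build a link to the authorize endpoint of the reset policy for the same app, with a fresh `nonce`. The tenant name, the reset policy name, the sample `SETTINGS` object and the `#api` container are assumptions for illustration; only the `remoteResource` property name and the two parameter names come from the answer.

```javascript
// Added example (not code from the answer above or from the B2C samples):
// read client_id / redirect_uri from SETTINGS.remoteResource and build a link
// that starts the QR-reset policy for the same app, carrying a fresh nonce.
// Assumed placeholders: TENANT, RESET_POLICY, SAMPLE_SETTINGS, the #api container.
const TENANT = "contoso";                     // assumed tenant name
const RESET_POLICY = "B2C_1A_reset_totp_qr";  // assumed name of the reset policy

// Constructed sample of the object the page injects; the real value is the URL
// of the loaded HTML template with the ContentDefinitionParameters appended.
const SAMPLE_SETTINGS = {
  remoteResource:
    "https://templates.example/mfa.html" +
    "?client_id=11111111-2222-3333-4444-555555555555" +
    "&redirect_uri=https%3A%2F%2Fmyapp.example%2Fsignin-oidc",
};

// Pull the two parameters out of the query string; fail loudly if absent so a
// layout change (SETTINGS is internal API) does not silently produce a bad link.
function extractParams(remoteResource) {
  const url = new URL(remoteResource);
  const clientId = url.searchParams.get("client_id");
  const redirectUri = url.searchParams.get("redirect_uri");
  if (!clientId || !redirectUri) {
    throw new Error("client_id / redirect_uri missing from remoteResource");
  }
  return { clientId, redirectUri };
}

// Hex nonce from the Web Crypto API (browser, or Node >= 19); Node fallback otherwise.
function randomNonce(bytes = 16) {
  const buf = new Uint8Array(bytes);
  if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === "function") {
    globalThis.crypto.getRandomValues(buf);
  } else if (typeof require === "function") {
    require("crypto").randomFillSync(buf);
  } else {
    throw new Error("no CSPRNG available");
  }
  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the authorize URL of the reset policy. The authorize endpoint still
// validates redirect_uri against the app registration, so a tampered value in
// the query string cannot turn this into an open redirect; we only pass it on.
function buildResetLink(settings, { nonce = randomNonce() } = {}) {
  const { clientId, redirectUri } = extractParams(settings.remoteResource);
  const authorize = new URL(
    `https://${TENANT}.b2clogin.com/${TENANT}.onmicrosoft.com/${RESET_POLICY}/oauth2/v2.0/authorize`
  );
  authorize.searchParams.set("client_id", clientId);
  authorize.searchParams.set("redirect_uri", redirectUri);
  authorize.searchParams.set("response_type", "code"); // match what the app's library requests
  authorize.searchParams.set("scope", "openid");
  authorize.searchParams.set("nonce", nonce);
  return authorize.toString();
}

// Drop the link into the page. B2C renders its own UI inside <div id="api">;
// the text is set via textContent, never innerHTML, so nothing taken from the
// query string is ever interpreted as markup.
function injectResetLink(doc, settings) {
  const a = doc.createElement("a");
  a.href = buildResetLink(settings);
  a.textContent = "Lost your authenticator? Reset the QR code";
  const container = doc.getElementById("api") || doc.body;
  container.appendChild(a);
  return a;
}

// In the real template this runs after the page has loaded SETTINGS.
if (typeof document !== "undefined" && typeof SETTINGS !== "undefined") {
  injectResetLink(document, SETTINGS);
}
```

The link deliberately reuses whatever `client_id` and `redirect_uri` the current request carried, so after the reset policy completes the user lands back in the same application. Because `response_type` and `scope` are hard-coded here, they should be aligned with what the application's OpenID library actually sends, otherwise the callback handler will reject the response.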
-1

You can add a link in the custom HTML to myapp.com/launchPolicyX. Then the application should make a fresh authentication request using your favorite OpenId library.

Jas Suri - MSFT
    Could you explain a bit more to me or give me any samples to help me through? – Emaborsa Apr 09 '21 at 12:18
  • Use custom HTML to [brand your page](https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow). That allows you to add your own HTML elements (HTML/CSS/JS) to be rendered and merged with the B2C page. In this HTML, embed your own [link](https://www.w3schools.com/html/html_links.asp) to myapp.com/foo. The /foo endpoint of your app should then trigger a new auth flow with the new policyId. – Jas Suri - MSFT Apr 23 '21 at 12:18
  • OK, but it's not that easy. In order to start a flow, I need clientId and redirectUrl, which are dynamic and can differ. – Emaborsa Apr 23 '21 at 14:47
  • That’s why your link goes to the app and not directly to the policy. – Jas Suri - MSFT Apr 23 '21 at 21:20