We are trying to set a custom user attribute.

We have managed to define it in the TrustFrameworkExtensions.xml ClaimsSchema:

    <ClaimType Id="extension_GDPR_CONSENT">
        <DisplayName>extension_GDPR_CONSENT</DisplayName>
        <DataType>string</DataType>
        <UserInputType>CheckboxMultiSelect</UserInputType>
        <Restriction>
            <Enumeration Text="Accept" Value="true" SelectByDefault="false" />
        </Restriction>
    </ClaimType>

And we also managed to show it in our signup form:

    <DisplayName>Local Account</DisplayName>
    <TechnicalProfiles>
        <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
            <DisplayClaims>
                <DisplayClaim DisplayControlReferenceId="emailVerificationControl"/>
                <!--DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="surName" Required="true" /-->
                <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="extension_GDPR_CONSENT" Required="true" />

We have also updated the

    <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
      <Metadata>
        <Item Key="Operation">Write</Item>
        <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
      </Metadata>
      <IncludeInSso>false</IncludeInSso>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
      </InputClaims>
      <PersistedClaims>
        <!-- Required claims -->
        <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
        <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
        <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="TestCustomPolicy" />
        <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
        <PersistedClaim ClaimTypeReferenceId="extension_GDPR_CONSENT"/>

Adding the directory extension to the persistent claim

But it gives us a validation error?

Regards

Balint

1 Answer

To enable extension attributes in the custom policy, provide Application ID and Application Object ID in the AAD-Common technical profile metadata.

    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-Common">
          <Metadata>
            <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
            <Item Key="ClientId"></Item>
            <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
            <Item Key="ApplicationObjectId"></Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

Check out the link to know more: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-custom-policy

Rohit Prasad
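A pre-upload check for the condition the answer describes, as an added example that is not part of the original question or answer: it flags a policy that persists an `extension_` claim while the `AAD-Common` metadata keys `ClientId` and `ApplicationObjectId` are missing, empty or not GUID-shaped. The function name `lint_extension_claims` and the sample policy are assumptions made for illustration, and the check assumes the relevant profiles sit in a single policy file.

```python
import re
import xml.etree.ElementTree as ET

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REQUIRED_KEYS = ("ClientId", "ApplicationObjectId")

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def lint_extension_claims(policy_xml):
    """Return a list of problems; an empty list means the check passed."""
    root = ET.fromstring(policy_xml)
    persisted = sorted({
        c.get("ClaimTypeReferenceId", "")
        for c in find_all(root, "PersistedClaim")
        if c.get("ClaimTypeReferenceId", "").startswith("extension_")
    })
    if not persisted:
        return []  # nothing is written to directory extension attributes
    common = [p for p in find_all(root, "TechnicalProfile") if p.get("Id") == "AAD-Common"]
    if not common:
        return [f"{persisted} persisted but no AAD-Common profile in this file"]
    items = {i.get("Key"): (i.text or "").strip() for i in find_all(common[0], "Item")}
    problems = []
    for key in REQUIRED_KEYS:
        value = items.get(key, "")
        if not value:
            problems.append(f"AAD-Common metadata '{key}' is missing or empty")
        elif not GUID.match(value):
            problems.append(f"AAD-Common metadata '{key}' is not a GUID: {value!r}")
    return problems

# Constructed sample: the answer's AAD-Common template, still unfilled.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="AAD-Common"><Metadata>
   <Item Key="ClientId"></Item>
   <Item Key="ApplicationObjectId"></Item>
  </Metadata></TechnicalProfile>
  <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail"><PersistedClaims>
   <PersistedClaim ClaimTypeReferenceId="extension_GDPR_CONSENT"/>
  </PersistedClaims></TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    for problem in lint_extension_claims(SAMPLE):
        print("FAIL:", problem)
```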