
I have a current policy that I need to send a confirmation email from. I have a SendGrid account that is currently delivering a verification email, and it's working fine.

In my password reset flow, this is what I have.

<SubJourneys>
  <SubJourney Id="PasswordReset" Type="Call">
    <OrchestrationSteps>
      <!-- Validate user's email address. -->
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Show TOU -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="SelfAssertedConsentExchange" TechnicalProfileReferenceId="SelfAsserted-PasswordResetConsent" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Collect and persist a new password. -->
      <OrchestrationStep Order="3" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Notify the user that the password was changed (the step that fails). -->
      <OrchestrationStep Order="4" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="GetAccessTokenPwdChangeNotification" TechnicalProfileReferenceId="SendPasswordChangeEmail" />
        </ClaimsExchanges>
      </OrchestrationStep>
    </OrchestrationSteps>
  </SubJourney>
</SubJourneys>

In step one of this flow, a verification email is sent through SendGrid, and it works fine.

Step 4 is where the process seems to fail.

Here is the technical profile for step 4:

<ClaimsProvider>
  <DisplayName>RestfulProvider</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SendPasswordChangeEmail">
      <DisplayName>Use SendGrid's email API to send the code to the user</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://api.sendgrid.com/v3/mail/send</Item>
        <Item Key="AuthenticationType">Bearer</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <!-- The value of this claim is sent verbatim as the HTTP request body. -->
        <Item Key="ClaimUsedForRequestPayload">emailChangedBody</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Policy key holding the SendGrid API key used as the bearer token. -->
        <Key Id="BearerAuthenticationToken" StorageReferenceId="B2C_1A_SendGridSecret" />
      </CryptographicKeys>
      <InputClaimsTransformations>
        <!-- Runs before the call and must populate emailChangedBody. -->
        <InputClaimsTransformation ReferenceId="GenerateEmailChangedBody" />
      </InputClaimsTransformations>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="emailChangedBody" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

That references this claims transformation:

<ClaimsTransformation Id="GenerateEmailChangedBody" TransformationMethod="GenerateJson">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
  </InputClaims>
  <InputParameters>
    <!-- Update the template_id value with the ID of your SendGrid template. -->
    <InputParameter Id="template_id" DataType="string" Value="my template"/>
    <InputParameter Id="from.email" DataType="string" Value="my email"/>
    <!-- Update with a subject line appropriate for your organization. -->
    <InputParameter Id="personalizations.0.dynamic_template_data.subject" DataType="string" Value="Account Password Changed"/>
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="emailChangedBody" TransformationClaimType="outputClaim"/>
  </OutputClaims>
</ClaimsTransformation>

I am getting a bad request when this goes out.

My ONLY guess is that the email is not getting passed into that claims transformation, so it does not know where to send the email.

Any help would be appreciated.

Bnd10706
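To see why a missing `email` claim turns into a 400 from SendGrid, the following script (an added example, not code from the question or from Azure AD B2C) models how a GenerateJson transformation assembles the mail/send body from the dotted paths in `GenerateEmailChangedBody`: segments are split on `.`, and a numeric segment creates or indexes an array. It then runs the pre-send check a practitioner would want before handing the body to the RestfulProvider. The two claims bags are constructed sample data, and treating an absent claim as "leave that path out of the body" is an assumption about the engine made for the sake of illustration; either way, a body with no recipient is exactly what SendGrid rejects.

```python
"""Model the GenerateJson claims transformation from the question and check
the resulting SendGrid body for the fields mail/send requires.

Added example (not B2C's engine). The path-splitting rule follows the
dotted-path convention the page's transformation uses; the claims bags are
constructed sample data."""

import json
from typing import Any, Dict, List, Tuple

# Mirrors <InputClaims> of GenerateEmailChangedBody: JSON path -> claim type.
INPUT_CLAIM_PATHS = {"personalizations.0.to.0.email": "email"}

# Mirrors <InputParameters>; "my template" / "my email" are the page's own placeholders.
INPUT_PARAMETERS = {
    "template_id": "my template",
    "from.email": "my email",
    "personalizations.0.dynamic_template_data.subject": "Account Password Changed",
}

# Paths SendGrid's v3 mail/send endpoint will not accept a request without.
REQUIRED_PATHS = ("from.email", "personalizations.0.to.0.email")

# Constructed sample claims bags as they might look just before step 4.
CLAIMS_BAG_OK = {"objectId": "00000000-0000-0000-0000-000000000001", "email": "user@example.com"}
CLAIMS_BAG_NO_EMAIL = {"objectId": "00000000-0000-0000-0000-000000000001"}


def _set_path(root: Dict[str, Any], path: str, value: Any) -> None:
    """Write value at a dotted path; numeric segments address list indexes."""
    segments = path.split(".")
    container: Any = root
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        # The container for the next segment is a list if that segment is numeric.
        child: Any = value if last else ([] if segments[i + 1].isdigit() else {})
        if isinstance(container, list):
            idx = int(seg)
            while len(container) <= idx:
                container.append(None)
            if last:
                container[idx] = value
                return
            if container[idx] is None:
                container[idx] = child
            container = container[idx]
        else:
            if last:
                container[seg] = value
                return
            container = container.setdefault(seg, child)


def _get_path(root: Any, path: str) -> Any:
    """Read a dotted path, returning None if any segment is absent."""
    node = root
    for seg in path.split("."):
        if isinstance(node, list):
            idx = int(seg)
            node = node[idx] if idx < len(node) else None
        elif isinstance(node, dict):
            node = node.get(seg)
        else:
            return None
        if node is None:
            return None
    return node


def generate_json(claims_bag: Dict[str, str]) -> Dict[str, Any]:
    """Assemble the body: claims present in the bag go at their path (assumed: an
    absent claim is simply omitted), input parameters are written as literals."""
    body: Dict[str, Any] = {}
    for path, claim_type in INPUT_CLAIM_PATHS.items():
        value = claims_bag.get(claim_type)
        if value:
            _set_path(body, path, value)
    for path, literal in INPUT_PARAMETERS.items():
        _set_path(body, path, literal)
    return body


def missing_required(body: Dict[str, Any]) -> List[str]:
    """Paths SendGrid would reject the request for; empty means sendable."""
    return [p for p in REQUIRED_PATHS if not _get_path(body, p)]


def build_and_check(claims_bag: Dict[str, str]) -> Tuple[Dict[str, Any], List[str]]:
    """What the RestfulProvider would send, plus the fields it is missing."""
    body = generate_json(claims_bag)
    return body, missing_required(body)


def request_payload(claims_bag: Dict[str, str]) -> str:
    """The emailChangedBody claim value, i.e. the raw HTTP body that goes out."""
    return json.dumps(generate_json(claims_bag))


if __name__ == "__main__":
    for name, bag in (("with email", CLAIMS_BAG_OK), ("without email", CLAIMS_BAG_NO_EMAIL)):
        body, missing = build_and_check(bag)
        print(f"--- claims bag {name} ---")
        print(json.dumps(body, indent=2))
        print("missing required fields:", missing or "none")
```

Run against the second bag, the body still contains `template_id`, `from.email` and the subject, but `personalizations[0]` has no `to` array, and `missing_required` reports `personalizations.0.to.0.email`. That is the shape to compare against the claims bag Application Insights shows immediately before step 4: if `email` is absent there, the fix belongs in the steps that precede the notification (whatever populates `email` must emit it as an output claim so it survives to step 4), not in the SendGrid profile itself.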
  • Have you enabled AppInsights for the Relying Party policy to see if the `email` claim has a value? And have you confirmed that the bearer token stored in the policy key is valid? – David Hoerster Mar 25 '22 at 20:13
  • yes, because the email is being sent 2 steps before for the validation code. – Bnd10706 Mar 26 '22 at 00:10
  • App Insights logs are required to troubleshoot. They will show the claims bag prior to this step. Then view them in VS Code so we can easily see the reason. https://learn.microsoft.com/en-us/azure/active-directory-b2c/troubleshoot-with-application-insights?pivots=b2c-custom-policy#see-the-logs-in-vs-code-extension – Jas Suri - MSFT Mar 26 '22 at 15:05
  • The email is not in the claims bag. – Bnd10706 Mar 28 '22 at 13:55

0 Answers