My users connect with a username and provide an email for password recovery, using the default combined signup/signin user flow configured for userId. To be clear, this is the email in the "Authentication contact info" section in B2C.
I want my users to be able to change this email. This page got me started on a custom policy and it works but I want the strongAuthenticationEmailAddress claim to be verified using standard B2C email verification. I can get the regular email claim to be verified but trying to apply the same logic to strongAuthenticationEmailAddress either does nothing, or entirely skip the step depending on what I try.
So basically I'd want this (or whatever would be the correct way).
<OutputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" PartnerClaimType="Verified.strongAuthenticationEmailAddress" Required="true"/>
To cause an email verification like this does
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.email" Required="true"/>
