Open ajbeaven opened 1 year ago
@JasSuri Any news on this? Because I'm also trying to integrate the mentioned policy (auto-account-linking), yet it fails, too:
Application Insights log excerpt:
```json
"Exception": {
  "Kind": "Handled",
  "HResult": "80131500",
  "Message": "A claim could not be found for lookup claim with id \"socialEmail\" defined in technical profile with id \"AAD-FindLocalAccountWithSocialEmail\" policy \"B2C_1A_signup_signin\" of tenant \"myTenant.onmicrosoft.com\".",
  "Data": {
    "IsPolicySpecificError": true,
    "TenantId": "hmdportal.onmicrosoft.com",
    "PolicyId": "B2C_1A_signup_signin",
    "technicalProfile.Id": "AAD-FindLocalAccountWithSocialEmail",
    "identifierClaimMapping.PolicyClaimType.Id": "socialEmail"
  },
  "Exception": {
    "Kind": "Handled",
    "HResult": "80131577",
    "Message": "Claim with id 'socialEmail' was not found in the collection. ",
    "Data": {
      "claimTypeId": "socialEmail",
      "description": null,
      "action": null
    },
    "Exception": {
      "Kind": "Handled",
      "HResult": "80131577",
      "Message": "The given key was not present in the dictionary.",
      "Data": {}
    }
  }
}
```
When registering via Facebook (and probably other social IDPs), the user must approve access for the developer's app to have permissions to read the user's email address. That access can be withheld here:
The auto-account-linking sample fails with the following error if a user attempts to sign up using a social IDP without giving access to their email address:
This isn't particularly useful, but there are some logs that the Azure support team can pull out that are more descriptive:
I don't think the same error occurs in the base social starter packs as they appear to happily create an AAD user with no email address identity. It's only in this sample, where the email address is used to search for a matching local account, that it will fail.
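One way to keep the lookup from running when the social IDP did not return an e-mail is to gate the orchestration step on a `ClaimsExist` precondition. The snippet below is an added example, not the auto-account-linking sample's own policy and not code from either poster; the user journey id, the step order and the `ClaimsExchange` id are assumptions, while the technical profile id is the one named in the log above.

```xml
<!-- Added example, not the sample's own policy. The journey id, step order
     and ClaimsExchange id are assumptions; AAD-FindLocalAccountWithSocialEmail
     is the technical profile named in the Application Insights log. -->
<UserJourney Id="SignUpOrSignInWithAutoLinking">
  <OrchestrationSteps>
    <!-- Earlier steps (combined sign-up/sign-in page, social IDP exchange)
         run before this point. They populate socialEmail only if the user
         granted the e-mail permission at the IDP. -->

    <!-- Unguarded form: the lookup always runs and fails with
         "A claim could not be found for lookup claim with id socialEmail"
         whenever the IDP returned no e-mail.
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadUsingSocialEmail"
                        TechnicalProfileReferenceId="AAD-FindLocalAccountWithSocialEmail" />
      </ClaimsExchanges>
    </OrchestrationStep>
    -->

    <!-- Guarded form: when socialEmail is absent from the claims bag the
         step is skipped, so the user continues as an ordinary social
         sign-up instead of hitting a policy error. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>socialEmail</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadUsingSocialEmail"
                        TechnicalProfileReferenceId="AAD-FindLocalAccountWithSocialEmail" />
      </ClaimsExchanges>
    </OrchestrationStep>
  </OrchestrationSteps>
</UserJourney>
```

`ExecuteActionsIf="false"` means the `SkipThisOrchestrationStep` action fires when `socialEmail` does not exist. Any later step in the journey that branches on the result of this lookup (for example, one that assumes `objectId` was read) needs the same kind of precondition, otherwise the failure just moves one step further down the journey.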