
GivenName and Surname claims not extracted from Microsoft Account

Open charlesroddie opened this issue 6 years ago • 11 comments

If GivenName/Surname are selected in User attributes, then the user is asked to enter these explicitly, when instead they should be extracted from social providers.

If GivenName/Surname are not selected in User attributes, then they do not appear to the application in the list of claims, even when selected under “Application claims”.

As a result, to avoid the user having an extra step of re-entering first name and surname, this information must be extracted from the Name claim and parsed into GivenName and Surname. This workaround is not perfect as parsing a Name into GivenName and Surname is not guaranteed to work.

Is this a known issue in AD B2C?

charlesroddie avatar Sep 04 '19 23:09 charlesroddie
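The workaround described in the post above, sketched as an added example (not code from the thread or from Azure AD B2C): prefer the explicit name claims when the token carries them, fall back to splitting the display name, and flag results that are only a guess. The claim names `given_name`, `family_name` and `name`, and the helper `resolve_name`, are assumptions for illustration.

```python
from typing import NamedTuple, Optional


class ResolvedName(NamedTuple):
    given: Optional[str]
    surname: Optional[str]
    source: str       # "idp_claims", "parsed_name" or "none"
    confident: bool   # False when the split is only a guess


def resolve_name(claims: dict) -> ResolvedName:
    """Hypothetical helper: explicit claims first, then parse the display name."""
    given = (claims.get("given_name") or "").strip()
    surname = (claims.get("family_name") or "").strip()
    if given and surname:
        return ResolvedName(given, surname, "idp_claims", True)

    # Collapse runs of whitespace in the display name before splitting.
    display = " ".join((claims.get("name") or "").split())
    if not display:
        return ResolvedName(given or None, surname or None, "none", False)

    if "," in display:
        # "Surname, Given" form: plausible, but still a guess.
        last, _, first = display.partition(",")
        return ResolvedName(given or first.strip() or None,
                            surname or last.strip() or None,
                            "parsed_name", False)

    parts = display.split(" ")
    if len(parts) == 1:
        # Single-token name: there is no surname to recover.
        return ResolvedName(given or parts[0], surname or None,
                            "parsed_name", False)

    # Two tokens split cleanly; three or more are ambiguous
    # (multi-word surnames, middle names), so mark them unconfident.
    first, last = " ".join(parts[:-1]), parts[-1]
    return ResolvedName(given or first, surname or last,
                        "parsed_name", len(parts) == 2)
```

Values with `confident` set to `False` are best treated as display hints the user can correct, not as attributes to match accounts on.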

If I understand correctly, the question is related to user flow and not custom policy. If that is the case, B2C should extract the GivenName and Surname from the external IDP, and present it to the user (pre-fill the value), so the user can change the default values returned by the external IDP.

As you mentioned, if the claims are not specified in the "User Attributes", they are empty and not returned to the "Application claims".

With custom policy, you can transfer the claims from the external IDP directly to the app, without asking the user to provide the values (also the values are pre-filled).

yoelhor avatar Sep 05 '19 12:09 yoelhor

Thanks. Yes this is user flow.

> B2C should extract the GivenName and Surname from the external IDP, and present it to the user (pre-fill the value), so the user can change the default values returned by the external IDP.

I see. Seems strange to allow editing of these things. But regardless, GivenName and Surname are not getting pre-filled.

charlesroddie avatar Sep 05 '19 14:09 charlesroddie

With custom policy you can transfer those claims in read only too. The default behaviour is to allow the user to edit that data.

JasSuri avatar Oct 03 '19 08:10 JasSuri

> B2C should extract the GivenName and Surname from the external IDP, and present it to the user (pre-fill the value)

On further testing, we are finding that Google accounts and Active Directory do pre-fill GivenName and Surname fields. However Microsoft accounts don't. So there is a current bug with the Microsoft account user flow identity provider not pre-filling these fields.

charlesroddie avatar Oct 15 '19 11:10 charlesroddie

Same issue is available in GitHub B2C integration as well. Given Name/SurName and email not populating. Is it a bug in the Azure AD B2C tenant or is there any solution for that? (related to user flow SignIn/SignUp)

sashikab85 avatar Oct 27 '19 09:10 sashikab85

@JasSuri

> With custom policy you can transfer those claims in read only too. The default behaviour is to allow the user to edit that data.

This doesn't affect us any more as we are moving to a custom policy, but please note that allowing editing of user data makes B2C unusable without custom policies. Even if you fix the prefilling bugs it's still unusable because it involves an extra screen appearing. C stands for consumer and consumers need a streamlined process. When we used default policies all reviewers found the B2C login part of our app inadequate. The login experience needs to be as simple using B2C as it is for native successful apps on iOS/Android/Windows.

charlesroddie avatar Feb 29 '20 14:02 charlesroddie

@charlesroddie thanks for the feedback. It is tricky for us to build prebaked flows due to the “C” you mention, everyone’s customers are different and they want different UXs. Essentially if the User Flows are not getting the UX you need, the Custom Flows allow you the full customisability. On that I shall close this off.

JasSuri avatar Feb 29 '20 23:02 JasSuri

@JasSuri closing this issue without doing anything is not correct. It's still a bug that the GivenName and Surname claims aren't filled correctly. Regardless of the flow people would like to use. These 2 default claims should be there. It works for Facebook so why shouldn't it for Microsoft accounts?

blieven1 avatar Mar 02 '20 20:03 blieven1

I have the same problem with Okta accounts - given name and family name are not prefilled. If I request an Okta token with the profile scope I get back the given name, last name, and display name claims. When I request the token through B2C, I only get back the display name. The claim configuration all looks correct (in the IDP config and the user flow config).

blake-mealey avatar Jul 02 '20 15:07 blake-mealey

Raise this issue on Stack Overflow please, it is not an issue with any of the custom policy examples here.

JasSuri avatar Jul 02 '20 15:07 JasSuri

@JasSuri, @charlesroddie and @blieven1 both nailed it. The UX of the built-in user flows is so bad, they're unusable. I would love to use Custom policies, except developing those is literally 20x the amount of dev work, they are VERY difficult to implement. Way too much XML, dizzying documentation, no designer tool that can generate the plethora of XML needed, and extremely time consuming and difficult to test and debug.

True, all companies have their own UX (like some want the user to edit first/last name, others want to skip and fast-track the sign-up). But that is as simple as a checkbox in the portal config. A few tweaks to the platform could go a long way in meeting more needs out of the box.

Now, as for where this feedback should be posted, are you suggesting Stack Overflow? That is more of a question/answer place on how to do things. Where is the best place for feature requests / UX fixes for B2C, both built-in and custom policies, etc.?

dapug avatar Sep 16 '21 05:09 dapug