samples
samples copied to clipboard
azure-ad-b2c
Display control session lifetime
From the docs (https://docs.microsoft.com/en-us/azure/active-directory-b2c/display-controls#output-claims):
The output claims of a display control are not sent to the next orchestration step. They are saved temporarily only for the current display control session. These temporary claims can be shared between the different actions of the same display control.
What exactly does it mean that They are saved temporarily only for the current display control session? I thought after refreshing page these temporarly claims would be cleaned up, however this is not the case.
In my scenario I wanted to force recaptcha verification during email verification only when user sends code for the first time (so he is not required to fill captcha when sending new code or after changing email). I'm talking about this:
So I have added additional ValidationClaimsExchangeTechnicalProfile to SendCode action. It executes technical profile for captcha validation which on successful validation sets recaptcha_verified claim to true.
DisplayControl definition:
<DisplayControl Id="emailVerificationControl" UserInterfaceControlType="VerificationControl">
<DisplayClaims>
<DisplayClaim ClaimTypeReferenceId="email" Required="true" />
<DisplayClaim ClaimTypeReferenceId="verification_code" ControlClaimType="VerificationCode" Required="true" />
<DisplayClaim ClaimTypeReferenceId="g-recaptcha-user-token" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="recaptcha_verified" />
</OutputClaims>
<Actions>
<Action Id="SendCode">
<ValidationClaimsExchange>
<ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="REST-VerifyRecaptcha">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>recaptcha_verified</Value>
<Value>true</Value>
<Action>SkipThisValidationTechnicalProfile</Action>
</Precondition>
</Preconditions>
</ValidationClaimsExchangeTechnicalProfile>
<ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="GenerateOtp" />
<ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="SendOtp" />
</ValidationClaimsExchange>
</Action>
<Action Id="VerifyCode">
<ValidationClaimsExchange>
<ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="VerifyOtp" />
</ValidationClaimsExchange>
</Action>
</Actions>
</DisplayControl>
REST-VerifyCaptcha technical profile:
<TechnicalProfile Id="REST-VerifyRecaptcha">
<DisplayName>Verify Captcha</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
[...]
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="recaptcha_verified" DefaultValue="true" AlwaysUseDefaultValue="true"/>
</OutputClaims>
</TechnicalProfile>
As you can see there is a precondition on the REST-VerifyRecaptcha validation technical profile within DisplayControl. For basic scenario it works fine, i.e. when user clicks "Send code" button the validation technical profile is executed and when user clicks "Send new code" button the validation technical profile is skipped.
But after user refreshes page using F5 and then he comes back again to registration page - the REST-VerifyRecaptcha is still skipped. I expected it to be executed as I though page rerender would clear DisplayControl temporary claims.
Any suggestions how to clear DisplayControl temporary claims after page refresh?
