
Auto-account-linking sample doesn't gracefully handle social sign up when email address isn't supplied by IDP

Open · ajbeaven opened this issue 2 years ago · 1 comment

When registering via Facebook (and probably other social IDPs), the user must approve access for the developer's app to have permissions to read the user's email address. That access can be withheld here:

[Screenshot: RequestedAccess]

The auto-account-linking sample fails with the following error if a user attempts to sign up using a social IDP without giving access to their email address:

Message contains error: 'server_error', error_description: 'AADB2C90037: An error occurred while processing the request. Please contact administrator of the site you are trying to access. Correlation ID: d72956b5-f969-4168-8e62-e1c9939ffbc5 Timestamp: 2023-04-03 16:48:06Z ', error_uri: 'error_uri is null'.

This isn't particularly useful, but there are some logs that the Azure support team can pull out that are more descriptive:

Microsoft.Cpim.Common.PolicyException: An error occurred while processing the request. Please contact administrator of the site you are trying to access. ---> Microsoft.Cpim.Data.InvalidReferenceException: A claim could not be found for lookup claim with id "socialEmail" defined in technical profile with id "AAD-FindLocalAccountWithSocialEmail" policy "B2C_1A_SIGNUP_SIGNIN" of tenant "myapp.onmicrosoft.com". ---> System.Collections.Generic.KeyNotFoundException: Claim with id 'socialEmail' was not found in the collection. ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

I don't think the same error occurs in the base social starter packs as they appear to happily create an AAD user with no email address identity. It's only in this sample, where the email address is used to search for a matching local account, that it will fail.

ajbeaven · Apr 05 '23 03:04
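The failure described above comes from the lookup technical profile being executed with an input claim that was never populated. The usual way to make such a step tolerant of a missing claim in an Azure AD B2C custom policy is a `ClaimsExist` precondition on the orchestration step, so the local-account lookup only runs when the identity provider actually returned an email. The fragment below is an added illustration written for this issue, not code from the auto-account-linking sample or from the reporter; the `socialEmail` claim and the `AAD-FindLocalAccountWithSocialEmail` technical profile are taken from the error text, while the step `Order` value and the `ClaimsExchange` `Id` are assumed placeholders that must match the surrounding user journey in `B2C_1A_SIGNUP_SIGNIN`.

```xml
<!-- Added example, not part of the sample: guard the social-email lookup step.
     Order="4" and the ClaimsExchange Id are assumptions; align them with the
     existing SignUpOrSignIn user journey before use. -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <!-- ClaimsExist evaluates to false when socialEmail was not issued by the IDP
         (e.g. the user withheld the email permission). ExecuteActionsIf="false"
         then runs the action, skipping the lookup instead of throwing
         InvalidReferenceException on the missing input claim. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>socialEmail</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserReadWithSocialEmail"
                    TechnicalProfileReferenceId="AAD-FindLocalAccountWithSocialEmail" />
  </ClaimsExchanges>
</OrchestrationStep>
```

With the lookup skipped, the journey falls through to whatever the sample does when no matching local account is found (normally creating a new social account), so no automatic linking happens for a user who withheld their email. If linking on email is a requirement rather than an optimisation, the alternative is to add a self-asserted step that collects and verifies an email before this point, so that `socialEmail` is always present; which behaviour is correct depends on whether the application can accept an unlinked, email-less social account.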