OrchardCore
Azure AD B2C not returning the email claim leaves OrchardCore unable to get past the registration view
OrchardCore presents a blank Email field in the registration view after successfully logging in with Azure AD B2C through the OpenID Connect protocol implementation.
The missing email claim is a known issue here:
- https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19526191-openid-connect-id-token-is-missing-email-claim
- https://github.com/MicrosoftDocs/azure-docs/issues/16566
To Reproduce
Steps to reproduce the behavior:
- Have an OrchardCore CMS site running, configured to use the OpenID client with Azure AD B2C
- Click the new option to log in using the external provider
- Log in with an existing Azure AD B2C user that is not registered in OrchardCore
- Notice that /OrchardCore.Users/Account/ExternalLoginCallback shows the Email field as blank
Expected behavior
OrchardCore should look for other claim(s) to obtain the email address when the email claim is missing, as is the case with Azure AD B2C. Perhaps look inside the emails array?
Notes
We were able to map the name claim from Azure AD B2C to the Username using an IExternalLoginEventHandler implementation, but there is no option to work with the email in that interface.
Maybe add more logic in AccountController at line 436, where the email is retrieved, to fall back to the emails claim? Something like:
var email = info.Principal.FindFirstValue(ClaimTypes.Email) ?? info.Principal.FindFirstValue("email") ?? info.Principal.FindFirstValue("emails");
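As an added illustration of that fallback (example code written for this issue, not OrchardCore's own), a helper that walks the candidate claim types in order, reads every value of the "emails" array claim rather than only the first, and validates each value before accepting it; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Mail;
using System.Security.Claims;

public static class ExternalEmailResolver
{
    // Claim types to try in order; "emails" is the array claim Azure AD B2C emits instead of "email".
    private static readonly string[] CandidateClaimTypes = { ClaimTypes.Email, "email", "emails" };

    // Returns the first well-formed e-mail address among the candidate claims, or null if none.
    public static string ResolveEmail(ClaimsPrincipal principal)
    {
        if (principal == null) return null;
        foreach (var claimType in CandidateClaimTypes)
        {
            // FindAll rather than FindFirstValue: an array claim such as "emails" is surfaced
            // as several Claim instances of the same type, and the first one may be blank.
            foreach (var claim in principal.FindAll(claimType))
            {
                var candidate = claim.Value?.Trim();
                if (IsWellFormedEmail(candidate)) return candidate;
            }
        }
        return null;
    }
    // Reject blank or malformed values so a bad claim cannot become the account's e-mail.
    private static bool IsWellFormedEmail(string value)
    {
        if (string.IsNullOrWhiteSpace(value)) return false;
        try
        {
            // Compare the parsed address with the input so a display-name form such as
            // "Alice <alice@example.com>" is not accepted as a bare address.
            return new MailAddress(value).Address == value;
        }
        catch (FormatException) { return false; }
    }
    public static void Main()
    {
        // Constructed sample shaped like an Azure AD B2C principal: no "email" claim, only
        // an "emails" array whose first element is deliberately blank.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("emails", ""),
            new Claim("emails", "alice@example.com"),
        }, "AzureADB2C");
        Console.WriteLine(ResolveEmail(new ClaimsPrincipal(identity)) ?? "<no email claim>");
    }
}
```

When ResolveEmail returns null the registration view should still ask the user for an address, since an identity provider may legitimately omit every email claim.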