Fixing one of the Azure AD B2C samples that blocks a disabled federated user.
This was inspired by a Stack Overflow question.
It refers to a B2C sample custom policy.
Looking at it, I felt like Alice in Wonderland: “‘Curiouser and curiouser!’ cried Alice”.
This is an old sample. It still uses “socialIdpUserId”.
<!-- The claim socialIdpUserId has been renamed to issuerUserId -->
I renamed this in the base file to “issuerUserId”.
Basically, the sample allows you to stop disabled federated users from logging in. Users are disabled if the attribute “extension_accountEnabled” is set to “false”.
So when you run the sample on a disabled federated / social user, you see:
I wondered why you would present a screen that asked you to hide it with a “hide me” hint? This is essentially a “dead-end” screen. In that case, you wouldn’t display the “Continue” or “Cancel” buttons?
I would have used the “paragraph” element to achieve this. Maybe it wasn’t available when the sample was created?
I wrote that up a while back.
My version is in this gist.
If disabled, the user sees:
Note that you cannot proceed beyond this screen.
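A sketch of how such a dead-end screen can be built with a "Paragraph" claim and hidden buttons. This is an added example, not the contents of the gist or of the original sample. The ids accountDisabledMessage, SelfAsserted-AccountDisabled and AccountDisabledPage, the message text and the step order are hypothetical, and it assumes an earlier step has already read extension_accountEnabled from the directory.

```xml
<!-- ClaimsSchema: a display-only claim rendered as a paragraph of text -->
<ClaimType Id="accountDisabledMessage"> <!-- hypothetical id -->
  <DisplayName>Account disabled</DisplayName>
  <DataType>string</DataType>
  <UserInputType>Paragraph</UserInputType>
</ClaimType>

<!-- ClaimsProvider: self-asserted page with no way to continue -->
<TechnicalProfile Id="SelfAsserted-AccountDisabled"> <!-- hypothetical id -->
  <DisplayName>Account disabled</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <!-- Hide both buttons so the journey cannot move past this page -->
    <Item Key="setting.showContinueButton">false</Item>
    <Item Key="setting.showCancelButton">false</Item>
  </Metadata>
  <InputClaims>
    <!-- Constructed message text -->
    <InputClaim ClaimTypeReferenceId="accountDisabledMessage" DefaultValue="Your account has been disabled." />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="accountDisabledMessage" />
  </OutputClaims>
</TechnicalProfile>

<!-- UserJourney: place before the step that issues the token.
     Order="4" is a placeholder; renumber to fit your journey. -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <!-- Skip the block page unless the attribute is exactly "false".
         A user with no value for the attribute is also skipped, i.e. allowed through. -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>extension_accountEnabled</Value>
      <Value>false</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AccountDisabledPage" TechnicalProfileReferenceId="SelfAsserted-AccountDisabled" />
  </ClaimsExchanges>
</OrchestrationStep>
```

The precondition compares against the string stored in the directory, so the value written by the update must match it exactly.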
For testing, I used this sample to update the user.
The JSON file looks like:
{
  "extension_51fc...e4e_accountEnabled": "false"
}
and the command is:
b2c update-user 38e...c06 update-user.json
All good!