more changes and bumped main package to 0.0.2

custompolicies/B2C_1A_SIGNIN_WITH_OBJECTID_MAGICLINK.xml

@@ -45,7 +45,7 @@
           <DisplayName> My ID Token Hint TechnicalProfile</DisplayName>
           <Protocol Name="None" />
           <Metadata>
-            <Item Key="METADATA">{{apibaseurl}}oidc/.well-known/openid-configuration/Item>
+            <Item Key="METADATA">{{apibaseurl}}oidc/.well-known/openid-configuration</Item>
             <!-- <Item Key="IdTokenAudience">your_optional_audience_override</Item> -->
             <!-- <Item Key="issuer">your_optional_token_issuer_override</Item> -->
           </Metadata>
@@ -181,7 +181,6 @@
         <OutputClaim ClaimTypeReferenceId="displayName" />
         <OutputClaim ClaimTypeReferenceId="givenName" />
         <OutputClaim ClaimTypeReferenceId="surname" />
-        <OutputClaim ClaimTypeReferenceId="email" />
         <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
         <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
       </OutputClaims>

example/Muljin.B2CMagicLink.Example/Muljin.B2CMagicLink.Example.csproj

@@ -14,8 +14,8 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
     <PackageReference Include="Microsoft.Graph" Version="5.18.0" />
     <PackageReference Include="SendGrid" Version="9.28.1" />
-    <PackageReference Include="Muljin.B2CMagicLink.AzureKeyVault" Version="0.0.1" />
-    <PackageReference Include="Muljin.B2CMagicLink" Version="0.0.1" />
+    <PackageReference Include="Muljin.B2CMagicLink.AzureKeyVault" Version="0.0.2" />
+    <PackageReference Include="Muljin.B2CMagicLink" Version="0.0.2" />
   </ItemGroup>
 
   <ItemGroup>
@@ -33,4 +33,12 @@
   <ItemGroup>
     <Content Remove="wwwroot\" />
   </ItemGroup>
+  <!--<ItemGroup>
+    <ProjectReference Include="..\..\src\Muljin.B2CMagicLink\Muljin.B2CMagicLink\Muljin.B2CMagicLink.csproj">
+      <GlobalPropertiesToRemove></GlobalPropertiesToRemove>
+    </ProjectReference>
+    <ProjectReference Include="..\..\src\Muljin.B2CMagicLink\Muljin.B2CMagicLink.AzureKeyVault\Muljin.B2CMagicLink.AzureKeyVault.csproj">
+      <GlobalPropertiesToRemove></GlobalPropertiesToRemove>
+    </ProjectReference>
+  </ItemGroup>-->
 </Project>

example/Muljin.B2CMagicLink.Example/Services/EmailService.cs

@@ -9,9 +9,9 @@ namespace Muljin.B2CMagicLink.Example.Services
 {
 	public class EmailService
 	{
-		//private static string magicLinkFlowUrl = "https://Muljin.b2clogin.com/Muljin.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_SIGNIN_WITH_EMAIL&client_id=64257a7a-3240-4021-8860-45af0bbd6734&nonce=defaultNonce&redirect_uri={0}&scope=openid&response_type=code";
+        //private static string magicLinkFlowUrl = "https://Muljin.b2clogin.com/Muljin.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_SIGNIN_WITH_OBJECTID&client_id=64257a7a-3240-4021-8860-45af0bbd6734&nonce=defaultNonce&redirect_uri={0}&scope=openid&response_type=code";
 
-		private readonly string magicLinkFlowUrl;
+        private readonly string magicLinkFlowUrl;
 		private readonly SendGridOptions _sendGridOptions;
 
         public EmailService(IOptions<SendGridOptions> sendGridOptions,

example/Muljin.B2CMagicLink.Example/Services/UsersService.cs

@@ -36,7 +36,7 @@ await _b2cService.CreateUserAsync(new Models.CreateUserRequest()
 				});
 			}
 
-			var token = await _oidcService.BuildSerializedIdTokenAsync(_azureAdB2cOptions.ClientId, 15, email);
+			var token = await _oidcService.BuildSerializedIdTokenByObjectIdAsync(_azureAdB2cOptions.ClientId, 15, user!.Subject);
 			await _emailService.SendMagicLinkAsync(email, token);
 		}
 	}

example/Muljin.B2CMagicLink.Example/wwwroot/authresult.html

@@ -15,7 +15,7 @@ <h1>Auth results:</h1>
         const msalConfig = {
         auth: {
             clientId: '64257a7a-3240-4021-8860-45af0bbd6734',
-            authority: 'https://muljin.b2clogin.com/tfp/14182de3-6b9b-4138-a0fa-e4107db293e5/B2C_1A_SIGNIN_WITH_EMAIL',
+                authority: 'https://muljin.b2clogin.com/tfp/14182de3-6b9b-4138-a0fa-e4107db293e5/B2C_1A_SIGNIN_WITH_OBJECTID',
             knownAuthorities: ['https://muljin.b2clogin.com/']
         }
     };

example/custompolicies/B2C_1A_SIGNIN_WITH_OBJECTID_MAGICLINK.xml

@@ -0,0 +1,190 @@
+<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="muljin.onmicrosoft.com" PolicyId="B2C_1A_SIGNIN_WITH_OBJECTID" PublicPolicyUri="http://muljin.onmicrosoft.com/B2C_1A_signin_with_objectid" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights" TenantObjectId="8d2c00a7-5c50-4f59-8011-2faf7454f26f">
+  <BasePolicy>
+    <TenantId>muljin.onmicrosoft.com</TenantId>
+    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
+  </BasePolicy>
+  <BuildingBlocks>
+    <ClaimsSchema>
+      <!--Sample: Stores the error message for unsolicited request (a request without id_token_hint) and user not found-->
+      <ClaimType Id="errorMessage">
+        <DisplayName>Error</DisplayName>
+        <DataType>string</DataType>
+        <UserHelpText>Add help text here</UserHelpText>
+        <UserInputType>Paragraph</UserInputType>
+      </ClaimType>
+    </ClaimsSchema>
+    <ClaimsTransformations>
+      <!--Sample: Initiates the errorMessage claims type with the error message-->
+      <ClaimsTransformation Id="CreateUnsolicitedErrorMessage" TransformationMethod="CreateStringClaim">
+        <InputParameters>
+          <InputParameter Id="value" DataType="string" Value="Invalid magic link. Please try logging in again via the portal and ensure to follow the correct link." />
+        </InputParameters>
+        <OutputClaims>
+          <OutputClaim ClaimTypeReferenceId="errorMessage" TransformationClaimType="createdClaim" />
+        </OutputClaims>
+      </ClaimsTransformation>
+      <!--Sample: Initiates the errorMessage claims type with the error message user not found-->
+      <ClaimsTransformation Id="CreateUserNotFoundErrorMessage" TransformationMethod="CreateStringClaim">
+        <InputParameters>
+          <InputParameter Id="value" DataType="string" Value="The account you have attempted to login with is not registered. Please contact customer support." />
+        </InputParameters>
+        <OutputClaims>
+          <OutputClaim ClaimTypeReferenceId="errorMessage" TransformationClaimType="createdClaim" />
+        </OutputClaims>
+      </ClaimsTransformation>
+    </ClaimsTransformations>
+  </BuildingBlocks>
+  <ClaimsProviders>
+    <!--Sample: This technical profile specifies how B2C should validate your token, and what claims you want B2C to extract from the token. 
+      The METADATA value in the TechnicalProfile meta-data is required. 
+      The “IdTokenAudience” and “issuer” arguments are optional (see later section)-->
+    <ClaimsProvider>
+      <DisplayName>My ID Token Hint ClaimsProvider</DisplayName>
+      <TechnicalProfiles>
+        <TechnicalProfile Id="IdTokenHint_ExtractClaims_ObjectId">
+          <DisplayName> My ID Token Hint TechnicalProfile</DisplayName>
+          <Protocol Name="None" />
+          <Metadata>
+            <Item Key="METADATA">https://muljinmagiclinkexample.azurewebsites.net/oidc/.well-known/openid-configuration</Item>
+            <!-- <Item Key="IdTokenAudience">your_optional_audience_override</Item> -->
+            <!-- <Item Key="issuer">your_optional_token_issuer_override</Item> -->
+          </Metadata>
+          <OutputClaims>
+            <!--Sample: Read the object id claim from the id_token_hint-->
+            <OutputClaim ClaimTypeReferenceId="objectId" />
+          </OutputClaims>
+        </TechnicalProfile>
+      </TechnicalProfiles>
+    </ClaimsProvider>
+    <ClaimsProvider>
+      <DisplayName>Self Asserted</DisplayName>
+      <TechnicalProfiles>
+        <!-- Demo: Show error message-->
+        <TechnicalProfile Id="SelfAsserted-Error">
+          <DisplayName>Unsolicited error message</DisplayName>
+          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+          <Metadata>
+            <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
+            <!-- Sample: Remove the continue button-->
+            <Item Key="setting.showContinueButton">false</Item>
+          </Metadata>
+          <InputClaims>
+            <InputClaim ClaimTypeReferenceId="errorMessage" />
+          </InputClaims>
+          <OutputClaims>
+            <OutputClaim ClaimTypeReferenceId="errorMessage" />
+          </OutputClaims>
+        </TechnicalProfile>
+        <!-- Demo: Show unsolicited error message-->
+        <TechnicalProfile Id="SelfAsserted-Unsolicited">
+          <InputClaimsTransformations>
+            <InputClaimsTransformation ReferenceId="CreateUnsolicitedErrorMessage" />
+          </InputClaimsTransformations>
+          <IncludeTechnicalProfile ReferenceId="SelfAsserted-Error" />
+        </TechnicalProfile>
+        <!-- Demo: Show user not found error message-->
+        <TechnicalProfile Id="SelfAsserted-UserNotFound">
+          <InputClaimsTransformations>
+            <InputClaimsTransformation ReferenceId="CreateUserNotFoundErrorMessage" />
+          </InputClaimsTransformations>
+          <IncludeTechnicalProfile ReferenceId="SelfAsserted-Error" />
+        </TechnicalProfile>
+      </TechnicalProfiles>
+    </ClaimsProvider>
+    <ClaimsProvider>
+      <DisplayName>Azure Active Directory</DisplayName>
+      <TechnicalProfiles>
+        <TechnicalProfile Id="AAD-UserReadUsingObjectId">
+          <Metadata>
+            <!--Sample: don't raise error if user not found. We have an orchestration step to handle the error message-->
+            <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
+          </Metadata>
+          <OutputClaims>
+            <!--Sample: add optional claims to read from the directory-->
+            <OutputClaim ClaimTypeReferenceId="givenName" />
+            <OutputClaim ClaimTypeReferenceId="surname" />
+          </OutputClaims>
+        </TechnicalProfile>
+      </TechnicalProfiles>
+    </ClaimsProvider>
+    <ClaimsProvider>
+      <DisplayName>Token Issuer</DisplayName>
+      <TechnicalProfiles>
+        <TechnicalProfile Id="JwtIssuer">
+          <Metadata>
+            <Item Key="token_lifetime_secs">3600</Item>
+            <Item Key="id_token_lifetime_secs">3600</Item>
+            <Item Key="refresh_token_lifetime_secs">7776000</Item>
+            <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
+            <Item Key="allow_infinite_rolling_refresh_token">true</Item>
+            <!-- <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
+            <Item Key="AuthenticationContextReferenceClaimPattern">None</Item> -->
+          </Metadata>
+        </TechnicalProfile>
+      </TechnicalProfiles>
+    </ClaimsProvider>
+  </ClaimsProviders>
+  <UserJourneys>
+    <UserJourney Id="SignInWithObjectIdToken">
+      <OrchestrationSteps>
+        <!--Sample: Read the input claims from the id_token_hint-->
+        <OrchestrationStep Order="1" Type="GetClaims" CpimIssuerTechnicalProfileReferenceId="IdTokenHint_ExtractClaims_ObjectId" />
+        <!-- Sample: Check if user tries to run the policy without invitation -->
+        <OrchestrationStep Order="2" Type="ClaimsExchange">
+          <Preconditions>
+            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
+              <Value>objectId</Value>
+              <Action>SkipThisOrchestrationStep</Action>
+            </Precondition>
+          </Preconditions>
+          <ClaimsExchanges>
+            <ClaimsExchange Id="SelfAsserted-Unsolicited" TechnicalProfileReferenceId="SelfAsserted-Unsolicited" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+        <!--Sample: Read the user properties from the directory-->
+        <OrchestrationStep Order="3" Type="ClaimsExchange">
+          <ClaimsExchanges>
+            <ClaimsExchange Id="AADUserReadUsingObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+        <!-- Sample: Check whether the user not existed in the directory -->
+        <OrchestrationStep Order="4" Type="ClaimsExchange">
+          <Preconditions>
+            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
+              <Value>objectId</Value>
+              <Action>SkipThisOrchestrationStep</Action>
+            </Precondition>
+          </Preconditions>
+          <ClaimsExchanges>
+            <ClaimsExchange Id="SelfAssertedUserNotFound" TechnicalProfileReferenceId="SelfAsserted-UserNotFound" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+        <!--Sample: Issue an access token-->
+        <OrchestrationStep Order="5" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
+      </OrchestrationSteps>
+      <ClientDefinition ReferenceId="DefaultWeb" />
+    </UserJourney>
+  </UserJourneys>
+  <RelyingParty>
+    <DefaultUserJourney ReferenceId="SignInWithObjectIdToken" />
+    <UserJourneyBehaviors>
+      <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="9362c996-c7fd-49de-98bc-f1a3a4ff7a26" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
+    </UserJourneyBehaviors>
+    <TechnicalProfile Id="PolicyProfile">
+      <DisplayName>PolicyProfile</DisplayName>
+      <Protocol Name="OpenIdConnect" />
+      <!--Sample: Set the input claims to be read from the id_token_hint-->
+      <InputClaims>
+        <InputClaim ClaimTypeReferenceId="objectId" />
+      </InputClaims>
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="displayName" />
+        <OutputClaim ClaimTypeReferenceId="givenName" />
+        <OutputClaim ClaimTypeReferenceId="surname" />
+        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
+        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+      </OutputClaims>
+      <SubjectNamingInfo ClaimType="sub" />
+    </TechnicalProfile>
+  </RelyingParty>
+</TrustFrameworkPolicy>