Rory Braybrook
Jun 19 · 2 min read

I came across some requirements for an application that has a number of different user flows.

One of the requirements was to invoke a different IDP depending on the email address that the user was asked to enter on the landing page.

So if the email address was “joe@company.com”, the application would redirect to the company’s ADFS login page whereas if the email address was “joe@gmail.com”, the application would redirect to the company’s B2C login page.

That’s easy to do but the problem is that when the user gets to the login page, they have to enter the email address again. Not a good user experience.

Is there a way to carry the email address over? Turns out there is, using “login_hint”.

Note: I have only tested this with OpenID Connect.

So for ADFS, the URL would be:

https://my-adfs44/adfs/oauth2/authorize/?client_id=c3…e45f&redirect_uri=http://help2&response_mode=form_post&response_type=code&scope=openid+profile&nonce=nonce&login_hint=joe@company.com

This results in:

For B2C, the URL would be:

https://my-b2c.b2clogin.com/my-b2c.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_SignUpSignInV2&client_id=56b…f0d&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.io&scope=openid&response_type=id_token&prompt=login&login_hint=joe@gmail.com

This results in:

Just for completeness, this also works with Azure AD.

The URL would be:

https://login.microsoftonline.com/00d…c79/oauth2/authorize?client_id=d93…125d&redirect_uri=https%3A%2F%2Fjwt.io&response_mode=form_post&response_type=code&scope=openid+profile&nonce=nonce&login_hint=joe@company.com

This results in:

Nice!

All good!
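
The routing and hand-off described above, as an added example that is not from the original post: a server-side helper that picks the IDP from the email domain and builds the authorize URL with login_hint. The client IDs, redirect URI, domain list and function name are placeholder assumptions, and it generates a fresh nonce per request instead of the fixed values in the sample URLs.

```python
import re
import secrets
from urllib.parse import urlencode

# Hypothetical routing table. Endpoints mirror the URLs in the post;
# the client IDs and redirect URI are placeholders, not real values.
IDPS = {
    "adfs": {
        "authorize": "https://my-adfs44/adfs/oauth2/authorize/",
        "params": {"client_id": "ADFS-CLIENT-ID-PLACEHOLDER",
                   "response_mode": "form_post",
                   "response_type": "code", "scope": "openid profile"},
    },
    "b2c": {
        "authorize": "https://my-b2c.b2clogin.com/my-b2c.onmicrosoft.com"
                     "/oauth2/v2.0/authorize",
        "params": {"p": "B2C_1_SignUpSignInV2",
                   "client_id": "B2C-CLIENT-ID-PLACEHOLDER",
                   "response_type": "id_token", "scope": "openid",
                   "prompt": "login"},
    },
}
COMPANY_DOMAINS = {"company.com"}                 # assumption: domains sent to ADFS
REDIRECT_URI = "https://app.example/signin-oidc"  # placeholder
# Deliberately narrow pattern: rejects '&', '=', '#', '/' and whitespace outright.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def build_authorize_url(email):
    """Return (url, nonce) for the IDP selected by the email's domain."""
    email = email.strip()
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("not a plausible email address")
    domain = email.rsplit("@", 1)[1].lower()
    idp = IDPS["adfs" if domain in COMPANY_DOMAINS else "b2c"]
    # Per-request nonce: keep it in the session and compare it with the
    # nonce claim of the ID token that comes back.
    nonce = secrets.token_urlsafe(16)
    query = dict(idp["params"], redirect_uri=REDIRECT_URI,
                 nonce=nonce, login_hint=email)
    # urlencode percent-encodes every value, so a '+' or '%' that is valid in
    # the local part reaches the IDP intact instead of being read as a space
    # or an escape, and the typed address can never add a second parameter.
    return idp["authorize"] + "?" + urlencode(query), nonce
```

The value typed on the landing page is untrusted input, so it is validated and encoded before it goes into the redirect; login_hint only pre-fills the sign-in page and the IDP still authenticates the user.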

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Rory Braybrook

Written by

NZ Microsoft Identity dude. Microsoft MVP. Azure AD/B2C/ADFS. Plus Auth0/identityserver. N. Shore .NET UG Admin. Presentations: http://bit.ly/334ZPt5
