Rory Braybrook
Jun 12

If something goes wrong with B2C internally, you get this message.

(BTW, if you want to brand this page you need to use the “ContentDefinition” for “api.error”).

The question is how to generate an error page from the custom policy itself.

The first problem is that to show the user a message you need a screen and in B2C that’s called a self-asserted flow — one in which the user is expected to provide input.

It follows then that this screen has to have at least one input element e.g. a textbox. So you could have:

Then you have to input a valid email address and click “Continue” and then you see:

The error message uses e.g.

<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">This is an error message to display on the screen</Item>

as in this article.

That is definitely not a good user experience!

What we really want is something like this:

We can do this via the “Paragraph” user input type, described here.

I’ve put the bits and pieces to do this in the gist.

  • Define a claim type of “errorMessage”
  • Define the text of the error message for this claim type
  • Define a self-asserted technical profile to display the error “SelfAsserted-Error”
  • This TP removes the “Continue” and “Cancel” buttons
  • Define an InputClaimsTransformation to add the error text
  • Define an OrchestrationStep with a precondition to define when the error message should be displayed

And that’s pretty much it.
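The pieces listed above could look like this in a custom policy. This is an added sketch, not the contents of the author's gist; the transformation Id "CreateErrorMessage", the "blockReason" claim tested in the precondition, the step order, the sample message text and the choice of "api.selfasserted" as content definition are assumptions.

```xml
<!-- 1. ClaimsSchema: claim rendered as read-only text via the Paragraph input type -->
<ClaimType Id="errorMessage">
  <DisplayName>Error</DisplayName>
  <DataType>string</DataType>
  <UserInputType>Paragraph</UserInputType>
</ClaimType>

<!-- 2. ClaimsTransformations: sets the message text (Id and text are assumptions) -->
<ClaimsTransformation Id="CreateErrorMessage" TransformationMethod="CreateStringClaim">
  <InputParameters>
    <InputParameter Id="value" DataType="string" Value="Sample error text (constructed)." />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="errorMessage" TransformationClaimType="createdClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- 3. TechnicalProfiles: self-asserted screen with both buttons hidden -->
<TechnicalProfile Id="SelfAsserted-Error">
  <DisplayName>Error</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <Item Key="setting.showContinueButton">false</Item>
    <Item Key="setting.showCancelButton">false</Item>
  </Metadata>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateErrorMessage" />
  </InputClaimsTransformations>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="errorMessage" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="errorMessage" />
  </OutputClaims>
</TechnicalProfile>

<!-- 4. UserJourney: skip the error screen unless the hypothetical claim "blockReason" exists -->
<OrchestrationStep Order="3" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>blockReason</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="ShowError" TechnicalProfileReferenceId="SelfAsserted-Error" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Each fragment goes in the section named in its comment. With both buttons hidden the journey ends on this screen, so keep the message free of internal detail such as claim values or backend error text.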

If e.g. you wanted to have the “Cancel” button and the user clicked on it, you would see:

#error=access_denied&error_description=AADB2C90091 The user has cancelled entering self-asserted information

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Rory Braybrook

Written by

NZ Microsoft Identity dude. Microsoft MVP. Azure AD/B2C/ADFS. Plus Auth0/identityserver. N. Shore .NET UG Admin. Presentations: http://bit.ly/334ZPt5
