Fixing one of the Azure AD B2C samples that blocks a disabled federated user.

Image showing “No entry”.

This was inspired by a stackoverflow question.

It refers to a B2C sample custom policy.

Looking at it, I felt like Alice in Wonderland: “Curiouser and curiouser!” cried Alice.

This is an old sample. It still uses “socialIdpUserId”.

<!-- The claim socialIdpUserId has been renamed to issuerUserId -->

I renamed this in the base file to “issuerUserId”.

Basically, the sample allows you to stop disabled federated users from logging in. Users are disabled if the attribute “extension_accountEnabled” is set to “false”.

So when you run the sample on a disabled federated / social user, you see:

Image showing textbox marked “hide me”.

I wondered why you would present a screen containing a textbox whose only hint asks you to hide it. This is essentially a “dead-end” screen, so you wouldn’t want to display the “Continue” or “Cancel” buttons either.

I would have used the “paragraph” element to achieve this. Maybe it wasn’t available when the sample was created?

I wrote that up a while back.

My version is in this gist.

If disabled, the user sees:

Image showing “This account is locked”.

Note that you cannot proceed beyond this screen.
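As an added sketch of that approach (not the gist above and not the Microsoft sample), these are the three pieces a custom policy needs: the claims, a self-asserted page that renders only a paragraph with both buttons hidden, and an orchestration step that runs that page only when the flag is “false”. The claim name accountLockedMessage, the technical profile id and the step order are assumptions.

```xml
<!-- Added sketch, not the post's gist. Names other than extension_accountEnabled
     and issuerUserId are assumed; a Paragraph display claim needs page layout 1.2.0 or later. -->
<ClaimsSchema>
  <ClaimType Id="extension_accountEnabled">
    <DisplayName>Account enabled</DisplayName>
    <DataType>string</DataType>
  </ClaimType>
  <!-- Read-only text rendered on the dead-end page -->
  <ClaimType Id="accountLockedMessage">
    <DisplayName>Account status</DisplayName>
    <DataType>string</DataType>
    <UserInputType>Paragraph</UserInputType>
  </ClaimType>
</ClaimsSchema>

<TechnicalProfile Id="SelfAsserted-AccountLocked">
  <DisplayName>Account locked</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <!-- No Continue or Cancel: there is nowhere to go from here -->
    <Item Key="setting.showContinueButton">false</Item>
    <Item Key="setting.showCancelButton">false</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="accountLockedMessage" DefaultValue="This account is locked." />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="accountLockedMessage" />
  </OutputClaims>
</TechnicalProfile>

<!-- In the user journey, after the step that reads the user by issuerUserId: the step is
     skipped unless extension_accountEnabled equals "false", so enabled users never see it. -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>extension_accountEnabled</Value>
      <Value>false</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AccountLockedExchange" TechnicalProfileReferenceId="SelfAsserted-AccountLocked" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Because the page has no buttons and its only claim is a paragraph, the journey can never advance past this step, which is exactly the locked-out behaviour shown above.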

For testing, I used this sample to update the user.

The JSON file looks like:

{
"extension_51fc...e4e_accountEnabled": "false"
}

and the command is:

b2c update-user 38e...c06 update-user.json

All good!
