IrinaANDON-6568 asked JamesHamil-MSFT answered

I'm missing email from AD when I sign in with GitHub B2C custom policy

Hello,
I integrated a sign in/sign up B2C custom policy with GitHub following the docs: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-github?pivots=b2c-custom-policy . It is working, but I'm missing the email from AD. Name and surname are also missing when I get data from GitHub, but I can collect them in a self-asserted form.

Even if I have this technical profile:
<TechnicalProfiles>
  <TechnicalProfile Id="GitHub-OAuth2">
    <DisplayName>GitHub</DisplayName>
    <Protocol Name="OAuth2" />
    <Metadata>
      <Item Key="ProviderName">github.com</Item>
      <Item Key="authorization_endpoint">https://github.com/login/oauth/authorize</Item>
      <Item Key="AccessTokenEndpoint">https://github.com/login/oauth/access_token</Item>
      <Item Key="ClaimsEndpoint">https://api.github.com/user</Item>
      <Item Key="HttpBinding">GET</Item>
      <Item Key="scope">read:user user:email</Item>
      <Item Key="UsePolicyInRedirectUri">0</Item>
      <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
      <Item Key="UserAgentForClaimsExchange">CPIM-Basic/{tenant}/{policy}</Item>
      <!-- Update the Client ID below to the Application ID -->
      <Item Key="client_id">gitHubClientId</Item>
    </Metadata>
    <CryptographicKeys>
      <Key Id="client_secret" StorageReferenceId="B2C_1A_GitHubSecret"/>
    </CryptographicKeys>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
      <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="first_name" />
      <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="last_name" />
      <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
      <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
      <OutputClaim ClaimTypeReferenceId="numericUserId" PartnerClaimType="id" />
      <OutputClaim ClaimTypeReferenceId="issuerUserId" />
      <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="github.com" AlwaysUseDefaultValue="true" />
      <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
    </OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="CreateIssuerUserId" />
      <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
      <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
      <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
      <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
    </OutputClaimsTransformations>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
  </TechnicalProfile>
</TechnicalProfiles>

It seems that I can't get any data from GitHub: neither the name, surname nor email.

Any ideas why?

Also, I see in Postman (same auth) that name, company and email are 'null'.

Thank you!


azure-ad-b2c

Hi @IrinaANDON-6568 , we are investigating your issue and will update you shortly.

Best,
James


1 Answer

JamesHamil-MSFT answered

Hi @IrinaANDON-6568 , you might need to add this claim to the relying party output claims section:

 <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />

Also, you need to grant this scope in the GitHub portal:

 user:email | Grants read access to a user's email addresses.

Please let me know if this works or if you have any questions!

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James
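
A lint for the two conditions named in the answer above, added here as an example and not part of the original thread or of Microsoft's tooling. It checks that the identity provider profile's `scope` metadata requests `user:email` and that the relying party emits `email`; the function names and the single-file sample policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the asker's policy): scope lacks user:email and the
# relying party does not emit email. One combined policy file is assumed.
SAMPLE_POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="GitHub-OAuth2">
      <Metadata><Item Key="scope">read:user</Item></Metadata>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
  <RelyingParty>
    <TechnicalProfile Id="PolicyProfile">
      <OutputClaims><OutputClaim ClaimTypeReferenceId="displayName" /></OutputClaims>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]

def _output_claims(element):
    return {el.get("ClaimTypeReferenceId") for el in element.iter()
            if _local(el.tag) == "OutputClaim"}

def check_email_flow(policy_xml, idp_profile_id="GitHub-OAuth2"):
    """Return a list of findings; an empty list means both conditions hold."""
    idp = rp = None
    for el in ET.fromstring(policy_xml).iter():
        if _local(el.tag) == "RelyingParty":
            rp = el
        elif _local(el.tag) == "TechnicalProfile" and el.get("Id") == idp_profile_id:
            idp = el
    if idp is None:
        return [f"technical profile {idp_profile_id} not found"]
    scopes = next((i.text or "" for i in idp.iter()
                   if _local(i.tag) == "Item" and i.get("Key") == "scope"), "").split()
    findings = []
    if "user:email" not in scopes:
        findings.append("scope is missing user:email")
    if "email" not in _output_claims(idp):
        findings.append("IdP profile does not map the email claim")
    if rp is None or "email" not in _output_claims(rp):
        findings.append("relying party does not output the email claim")
    return findings
```
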


