I am attempting to set up MFA using email for a sign in page that leverages B2C Custom Policies. I set it up following this repo.
My XML follows the aforementioned repo very closely; it just does not include the phone MFA steps, and it automatically gets the user's email from their B2C user account.
The flow works somewhat as expected, but it does not generate an email when I click the "send verification" button. Instead I get a 500 response:
https://myApp.b2clogin.com/myApp.onmicrosoft.com/B2C_1A_signup_signin_admin/SelfAsserted?tx=StateProperties=eyJUSUQiOiJlMTRlY2VlZi0yY2NkLTQ5NGYtYWVjOC0wMjdiY2QzZmIxZmQifQ&p=B2C_1A_signup_signin_admin 500 (Internal Server Error)
The payload is:
tx: StateProperties=eyJUSUQiOiJlMTRlY2VlZi0yY2NkLTQ5NGYtYWVjOC0wMjdiY2QzZmIxZmQifQ
p: B2C_1A_signup_signin_admin (empty)
request_type: VERIFICATION_REQUEST
claim_id: readOnlyEmail
claim_value: [email protected]
And the response: The page cannot be displayed because an internal server error has occurred.
I have checked the B2C logs, my logs in my backend that are utilized for a REST call before this step, and all the app insights logs we have set up for B2C. I don't see anything specifically referencing this error or what specifically is causing it.
Is there even an internal email service for B2C custom policies? Or do I need to set that up myself and use SendGrid or something? Otherwise, what could be causing the issue here? Thanks
Yes, there is. For example, PartnerClaimType="Verified.Email" sends an email, and "PhoneFactor-InputOrVerify" sends an SMS message.
But you can't brand these messages or customise them.
For that, you can use e.g. SendGrid or write your own API.
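For reference, this is where the Verified.Email mapping from the answer above sits in a self-asserted technical profile. It is an added illustration, not code from the question, the answer or the linked repo; the profile Id is hypothetical, and it assumes the readOnlyEmail claim from the question's payload is already declared in ClaimsSchema and populated earlier in the journey.

```xml
<!-- Added illustration: the Id below is hypothetical. -->
<TechnicalProfile Id="SelfAsserted-VerifyReadOnlyEmail">
  <DisplayName>Verify email with the built-in B2C sender</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <InputClaims>
    <!-- Assumption: readOnlyEmail was filled from the user's directory account in an earlier step. -->
    <InputClaim ClaimTypeReferenceId="readOnlyEmail" />
  </InputClaims>
  <OutputClaims>
    <!-- Verified.Email makes the page render the send/verify code controls;
         the step completes only after the emailed code has been confirmed. -->
    <OutputClaim ClaimTypeReferenceId="readOnlyEmail" PartnerClaimType="Verified.Email" Required="true" />
  </OutputClaims>
</TechnicalProfile>
```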