rbrayb/Username_ProofUp_MLB2C.xml

## Username_ProofUp_MLB2C.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="tenant.onmicrosoft.com"
                      PolicyId="B2C_1A_Username_ProofUp_MLB2C"
                      PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Username_ProofUp_MLB2C"
                      DeploymentMode="Development"
                      UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">

	<BasePolicy>
		<TenantId>tenant.onmicrosoft.com</TenantId>
		<PolicyId>B2C_1A_TrustFrameworkExtensionsMFA</PolicyId>
	</BasePolicy>

	<BuildingBlocks>
		<ClaimsSchema>

			<ClaimType Id="mail">
				<DisplayName>Email Address</DisplayName>
				<DataType>string</DataType>
				<AdminHelpText>Email addresses of the user.</AdminHelpText>
				<UserHelpText>Your email addresses.</UserHelpText>
				<UserInputType>TextBox</UserInputType>
			</ClaimType>

			<ClaimType Id="strongAuthenticationEmailAddress">
				<DisplayName>Email Address</DisplayName>
				<DataType>string</DataType>
				<AdminHelpText>Email address that the user can use for strong authentication.</AdminHelpText>
				<UserHelpText>Email address to use for strong authentication.</UserHelpText>
				<UserInputType>TextBox</UserInputType>
			</ClaimType>

			<ClaimType Id="signInNamesInfo.emailAddress">
				<DisplayName>Email Address</DisplayName>
				<DataType>string</DataType>
				<AdminHelpText>Email address that the user can use to sign in.</AdminHelpText>
				<UserHelpText>Email address to use for signing in.</UserHelpText>
				<UserInputType>TextBox</UserInputType>
			</ClaimType>

			<ClaimType Id="emails">
				<DisplayName>Email Addresses</DisplayName>
				<DataType>stringCollection</DataType>
				<AdminHelpText>Email addresses of the user.</AdminHelpText>
				<UserHelpText>Your email addresses.</UserHelpText>
			</ClaimType>

		</ClaimsSchema>

		<ClaimsTransformations>

			<ClaimsTransformation Id="CreateSubjectClaimFromObjectID" TransformationMethod="CreateStringClaim">
				<InputParameters>
					<InputParameter Id="value" DataType="string" Value="Not supported currently. Use oid claim."/>
				</InputParameters>
				<OutputClaims>
					<OutputClaim ClaimTypeReferenceId="sub" TransformationClaimType="createdClaim"/>
				</OutputClaims>
			</ClaimsTransformation>

			<ClaimsTransformation Id="CreateEmailsFromOtherMailsAndSignInNamesInfo" TransformationMethod="AddItemToStringCollection">
				<InputClaims>
					<InputClaim ClaimTypeReferenceId="signInNamesInfo.emailAddress" TransformationClaimType="item"/>
					<InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection"/>
				</InputClaims>
				<OutputClaims>
					<OutputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
				</OutputClaims>
			</ClaimsTransformation>

			<ClaimsTransformation Id="AddStrongAuthenticationEmailToEmails" TransformationMethod="AddItemToStringCollection">
				<InputClaims>
					<InputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" TransformationClaimType="item"/>
					<InputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
				</InputClaims>
				<OutputClaims>
					<OutputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
				</OutputClaims>
			</ClaimsTransformation>

		</ClaimsTransformations>
	</BuildingBlocks>

	<ClaimsProviders>

		<ClaimsProvider>
			<DisplayName>Local Account Username</DisplayName>
			<TechnicalProfiles>

				<TechnicalProfile Id="AAD-UserReadUsingUserName">
					<Metadata>
						<Item Key="Operation">Read</Item>
						<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
					</Metadata>
					<InputClaims>
						<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
					</InputClaims>
					<OutputClaims>
						<OutputClaim ClaimTypeReferenceId="objectId"/>
						<OutputClaim ClaimTypeReferenceId="displayName"/>
						<OutputClaim ClaimTypeReferenceId="givenName"/>
						<OutputClaim ClaimTypeReferenceId="surname"/>
						<OutputClaim ClaimTypeReferenceId="signInName"/>
						<OutputClaim ClaimTypeReferenceId="mail"/>
						<OutputClaim ClaimTypeReferenceId="accountEnabled"/>
						<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication"/>
						<OutputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress"/>
					</OutputClaims>
					<OutputClaimsTransformations>
						<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromObjectID"/>
					</OutputClaimsTransformations>
					<IncludeTechnicalProfile ReferenceId="AAD-ReadCommon"/>
				</TechnicalProfile>

				<TechnicalProfile Id="AAD-ReadCommon">
					<Metadata>
						<Item Key="Operation">Read</Item>
						<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
					</Metadata>
					<OutputClaims>
						<OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
						<OutputClaim ClaimTypeReferenceId="displayName"/>
						<OutputClaim ClaimTypeReferenceId="otherMails"/>
						<OutputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" PartnerClaimType="signInNames.emailAddress"/>
					</OutputClaims>
					<OutputClaimsTransformations>
						<OutputClaimsTransformation ReferenceId="CreateEmailsFromOtherMailsAndSignInNamesInfo"/>
						<OutputClaimsTransformation ReferenceId="AddStrongAuthenticationEmailToEmails"/>
					</OutputClaimsTransformations>
					<IncludeTechnicalProfile ReferenceId="AAD-Common"/>
				</TechnicalProfile>

				<TechnicalProfile Id="IdTokenHint_Asymmetric_ExtractClaims">
					<DisplayName>My ID Token Hint Asymmetric Technical Profile</DisplayName>
					<Protocol Name="None"/>
					<Metadata>
						<!-- Replace with your endpoint location -->
						<Item Key="METADATA">https://tenant.b2clogin.com/tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNUP_SIGNIN_MLB2C</Item>
						<Item Key="IdTokenAudience">7bd30dbe...1d14760</Item>
						<Item Key="issuer">http://localhost:57408/</Item>
					</Metadata>
					<OutputClaims>
						<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
					</OutputClaims>
				</TechnicalProfile>
			</TechnicalProfiles>
		</ClaimsProvider>

	</ClaimsProviders>

	<UserJourneys>

		<UserJourney Id="ProofUp_MagicLink_B2C">
			<OrchestrationSteps>

				<OrchestrationStep Order="1" Type="GetClaims" CpimIssuerTechnicalProfileReferenceId="IdTokenHint_Asymmetric_ExtractClaims"/>

				<OrchestrationStep Order="2" Type="ClaimsExchange">
					<ClaimsExchanges>
						<ClaimsExchange Id="Read-WithUsername" TechnicalProfileReferenceId="AAD-UserReadUsingUserName"/>
					</ClaimsExchanges>
				</OrchestrationStep>

				<OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>

			</OrchestrationSteps>
			<ClientDefinition ReferenceId="DefaultWeb"/>
		</UserJourney>
	</UserJourneys>

	<RelyingParty>
		<DefaultUserJourney ReferenceId="ProofUp_MagicLink_B2C"/>
		<UserJourneyBehaviors>
			<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="xyz" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/>
		</UserJourneyBehaviors>
		<TechnicalProfile Id="PolicyProfile">
			<DisplayName>PolicyProfile</DisplayName>
			<Protocol Name="OpenIdConnect"/>
			<InputClaims>
				<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
			</InputClaims>
			<OutputClaims>
				<OutputClaim ClaimTypeReferenceId="displayName"/>
				<OutputClaim ClaimTypeReferenceId="givenName"/>
				<OutputClaim ClaimTypeReferenceId="surname"/>
				<OutputClaim ClaimTypeReferenceId="signInName"/>
				<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
				<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="Local"/>
				<OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/>
			</OutputClaims>
			<SubjectNamingInfo ClaimType="sub"/>
		</TechnicalProfile>
	</RelyingParty>
</TrustFrameworkPolicy>
	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
	<TrustFrameworkPolicy
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
	PolicySchemaVersion="0.3.0.0"
	TenantId="tenant.onmicrosoft.com"
	PolicyId="B2C_1A_Username_ProofUp_MLB2C"
	PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Username_ProofUp_MLB2C"
	DeploymentMode="Development"
	UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">

	<BasePolicy>
	<TenantId>tenant.onmicrosoft.com</TenantId>
	<PolicyId>B2C_1A_TrustFrameworkExtensionsMFA</PolicyId>
	</BasePolicy>

	<BuildingBlocks>
	<ClaimsSchema>

	<ClaimType Id="mail">
	<DisplayName>Email Address</DisplayName>
	<DataType>string</DataType>
	<AdminHelpText>Email addresses of the user.</AdminHelpText>
	<UserHelpText>Your email addresses.</UserHelpText>
	<UserInputType>TextBox</UserInputType>
	</ClaimType>

	<ClaimType Id="strongAuthenticationEmailAddress">
	<DisplayName>Email Address</DisplayName>
	<DataType>string</DataType>
	<AdminHelpText>Email address that the user can use for strong authentication.</AdminHelpText>
	<UserHelpText>Email address to use for strong authentication.</UserHelpText>
	<UserInputType>TextBox</UserInputType>
	</ClaimType>

	<ClaimType Id="signInNamesInfo.emailAddress">
	<DisplayName>Email Address</DisplayName>
	<DataType>string</DataType>
	<AdminHelpText>Email address that the user can use to sign in.</AdminHelpText>
	<UserHelpText>Email address to use for signing in.</UserHelpText>
	<UserInputType>TextBox</UserInputType>
	</ClaimType>

	<ClaimType Id="emails">
	<DisplayName>Email Addresses</DisplayName>
	<DataType>stringCollection</DataType>
	<AdminHelpText>Email addresses of the user.</AdminHelpText>
	<UserHelpText>Your email addresses.</UserHelpText>
	</ClaimType>

	</ClaimsSchema>

	<ClaimsTransformations>

	<ClaimsTransformation Id="CreateSubjectClaimFromObjectID" TransformationMethod="CreateStringClaim">
	<InputParameters>
	<InputParameter Id="value" DataType="string" Value="Not supported currently. Use oid claim."/>
	</InputParameters>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="sub" TransformationClaimType="createdClaim"/>
	</OutputClaims>
	</ClaimsTransformation>

	<ClaimsTransformation Id="CreateEmailsFromOtherMailsAndSignInNamesInfo" TransformationMethod="AddItemToStringCollection">
	<InputClaims>
	<InputClaim ClaimTypeReferenceId="signInNamesInfo.emailAddress" TransformationClaimType="item"/>
	<InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection"/>
	</InputClaims>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
	</OutputClaims>
	</ClaimsTransformation>

	<ClaimsTransformation Id="AddStrongAuthenticationEmailToEmails" TransformationMethod="AddItemToStringCollection">
	<InputClaims>
	<InputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" TransformationClaimType="item"/>
	<InputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
	</InputClaims>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="emails" TransformationClaimType="collection"/>
	</OutputClaims>
	</ClaimsTransformation>

	</ClaimsTransformations>
	</BuildingBlocks>

	<ClaimsProviders>

	<ClaimsProvider>
	<DisplayName>Local Account Username</DisplayName>
	<TechnicalProfiles>

	<TechnicalProfile Id="AAD-UserReadUsingUserName">
	<Metadata>
	<Item Key="Operation">Read</Item>
	<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
	</Metadata>
	<InputClaims>
	<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
	</InputClaims>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="objectId"/>
	<OutputClaim ClaimTypeReferenceId="displayName"/>
	<OutputClaim ClaimTypeReferenceId="givenName"/>
	<OutputClaim ClaimTypeReferenceId="surname"/>
	<OutputClaim ClaimTypeReferenceId="signInName"/>
	<OutputClaim ClaimTypeReferenceId="mail"/>
	<OutputClaim ClaimTypeReferenceId="accountEnabled"/>
	<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication"/>
	<OutputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress"/>
	</OutputClaims>
	<OutputClaimsTransformations>
	<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromObjectID"/>
	</OutputClaimsTransformations>
	<IncludeTechnicalProfile ReferenceId="AAD-ReadCommon"/>
	</TechnicalProfile>

	<TechnicalProfile Id="AAD-ReadCommon">
	<Metadata>
	<Item Key="Operation">Read</Item>
	<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
	</Metadata>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
	<OutputClaim ClaimTypeReferenceId="displayName"/>
	<OutputClaim ClaimTypeReferenceId="otherMails"/>
	<OutputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" PartnerClaimType="signInNames.emailAddress"/>
	</OutputClaims>
	<OutputClaimsTransformations>
	<OutputClaimsTransformation ReferenceId="CreateEmailsFromOtherMailsAndSignInNamesInfo"/>
	<OutputClaimsTransformation ReferenceId="AddStrongAuthenticationEmailToEmails"/>
	</OutputClaimsTransformations>
	<IncludeTechnicalProfile ReferenceId="AAD-Common"/>
	</TechnicalProfile>

	<TechnicalProfile Id="IdTokenHint_Asymmetric_ExtractClaims">
	<DisplayName>My ID Token Hint Asymmetric Technical Profile</DisplayName>
	<Protocol Name="None"/>
	<Metadata>
	<!-- Replace with your endpoint location -->
	<Item Key="METADATA">https://tenant.b2clogin.com/tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1A_SIGNUP_SIGNIN_MLB2C</Item>
	<Item Key="IdTokenAudience">7bd30dbe...1d14760</Item>
	<Item Key="issuer">http://localhost:57408/</Item>
	</Metadata>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
	</OutputClaims>
	</TechnicalProfile>
	</TechnicalProfiles>
	</ClaimsProvider>

	</ClaimsProviders>

	<UserJourneys>

	<UserJourney Id="ProofUp_MagicLink_B2C">
	<OrchestrationSteps>

	<OrchestrationStep Order="1" Type="GetClaims" CpimIssuerTechnicalProfileReferenceId="IdTokenHint_Asymmetric_ExtractClaims"/>

	<OrchestrationStep Order="2" Type="ClaimsExchange">
	<ClaimsExchanges>
	<ClaimsExchange Id="Read-WithUsername" TechnicalProfileReferenceId="AAD-UserReadUsingUserName"/>
	</ClaimsExchanges>
	</OrchestrationStep>

	<OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>

	</OrchestrationSteps>
	<ClientDefinition ReferenceId="DefaultWeb"/>
	</UserJourney>
	</UserJourneys>

	<RelyingParty>
	<DefaultUserJourney ReferenceId="ProofUp_MagicLink_B2C"/>
	<UserJourneyBehaviors>
	<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="xyz" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/>
	</UserJourneyBehaviors>
	<TechnicalProfile Id="PolicyProfile">
	<DisplayName>PolicyProfile</DisplayName>
	<Protocol Name="OpenIdConnect"/>
	<InputClaims>
	<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"/>
	</InputClaims>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="displayName"/>
	<OutputClaim ClaimTypeReferenceId="givenName"/>
	<OutputClaim ClaimTypeReferenceId="surname"/>
	<OutputClaim ClaimTypeReferenceId="signInName"/>
	<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
	<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="Local"/>
	<OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/>
	</OutputClaims>
	<SubjectNamingInfo ClaimType="sub"/>
	</TechnicalProfile>
	</RelyingParty>
	</TrustFrameworkPolicy>