@rbrayb
Last active November 19, 2023 19:38
Reading a user record in Azure AD B2C via a phone number
{
"accountEnabled": true,
"displayName": "Read Phone",
"givenName": "Read",
"surname": "Phone",
"mailNickname": "Phone-Read",
"userPrincipalName": "Phone-Read@tenant.onmicrosoft.com",
"passwordProfile": {
"forceChangePasswordNextSignIn": false,
"password": "xWwuiasduidWH-d"
},
"passwordPolicies": "DisablePasswordExpiration",
"identities": [
{
"signInType": "emailAddress",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "joebloggsuser@foo.com"
},
{
"signInType": "phoneNumber",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "+64271234567"
}
]
}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
  B2C_1A_Read_PhoneNumber

  Relying-party policy that (1) asks the user for a country code and a national
  phone number, (2) converts the pair into the signInNames.phoneNumber identity,
  (3) reads the directory user that carries that identity, and (4) issues a JWT
  for the matched account. Everything not defined here (AAD-Common, SM-Noop,
  JwtIssuer, DefaultWeb, the displayName/objectId/userPrincipalName/tenantId
  claim types) is expected to come from the base policy named in <BasePolicy>.

  NOTE(review): DeploymentMode="Development" plus the journey-recorder endpoint
  below means the engine can send claim values, including the phone number, to
  the Application Insights resource referenced in <JourneyInsights>. Confirm
  this is switched to Production (and DeveloperMode="false") before the policy
  is uploaded to anything other than a test tenant.
-->
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="tenant.onmicrosoft.com"
                      PolicyId="B2C_1A_Read_PhoneNumber"
                      PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Read_PhoneNumber"
                      DeploymentMode="Development"
                      UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
  <!-- Inherits the MFA flavour of the extensions policy; no MFA step is used in this journey, see <UserJourneys>. -->
  <BasePolicy>
    <TenantId>tenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId>
  </BasePolicy>
  <BuildingBlocks>
    <ClaimsSchema>
      <!-- Country selector shown on the self-asserted page. Only two entries are
           defined here (NZ pre-selected); extend the enumeration for other markets. -->
      <ClaimType Id="countryCode">
        <DisplayName>Country Code</DisplayName>
        <DataType>string</DataType>
        <UserHelpText>Phone Number</UserHelpText>
        <UserInputType>DropdownSingleSelect</UserInputType>
        <Restriction>
          <Enumeration Text="New Zealand(+64)" Value="NZ" SelectByDefault="true"/>
          <Enumeration Text="Albania(+355)" Value="AL"/>
        </Restriction>
      </ClaimType>
      <!-- National part of the number only: 1 to 10 digits, no leading zero, no "+" or
           country prefix. The country prefix is supplied by countryCode and combined
           by the ConvertStringToPhoneNumber transformation. -->
      <ClaimType Id="phoneNumber">
        <DisplayName>Phone number</DisplayName>
        <DataType>string</DataType>
        <UserInputType>TextBox</UserInputType>
        <Restriction>
          <Pattern RegularExpression="^[1-9][0-9]{0,9}$" HelpText="Please enter a valid phone number."/>
        </Restriction>
      </ClaimType>
      <!-- Strongly typed phone-number identity used as the directory lookup key
           (matches the "phoneNumber" signInType identity in the sample user object). -->
      <ClaimType Id="signInNames.phoneNumber">
        <DataType>phoneNumber</DataType>
      </ClaimType>
    </ClaimsSchema>
    <ClaimsTransformations>
      <!-- Combines countryCode + phoneNumber into a single phoneNumber-typed claim.
           The engine validates the result; failure surfaces via the
           UserMessageIfClaimsTransformationInvalidPhoneNumber metadata on the
           self-asserted technical profile. -->
      <ClaimsTransformation Id="ConvertStringToPhoneNumber" TransformationMethod="ConvertStringToPhoneNumberClaim">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="countryCode" TransformationClaimType="country"/>
          <InputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="phoneNumberString"/>
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber" TransformationClaimType="outputClaim"/>
        </OutputClaims>
      </ClaimsTransformation>
    </ClaimsTransformations>
    <ContentDefinitions>
      <!-- Page used by the ObtainPhoneNumber technical profile. LoadUri points at a
           tenant-hosted template; replace the "tenant" segment and host for real use. -->
      <ContentDefinition Id="newPhoneNumber">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.1</DataUri>
        <Metadata>
          <Item Key="DisplayName">Verify new phone number</Item>
        </Metadata>
      </ContentDefinition>
    </ContentDefinitions>
  </BuildingBlocks>
  <ClaimsProviders>
    <!-- Domain/DisplayName are placeholders; they are not referenced elsewhere in this policy. -->
    <ClaimsProvider>
      <Domain>Test.com</Domain>
      <DisplayName>Test</DisplayName>
      <TechnicalProfiles>
        <!-- Step 1: self-asserted page collecting countryCode and phoneNumber.
             The validation technical profile runs the conversion before the page
             is allowed to complete, so signInNames.phoneNumber is populated on success. -->
        <TechnicalProfile Id="ObtainPhoneNumber">
          <DisplayName>Phone</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
          <Metadata>
            <Item Key="ContentDefinitionReferenceId">newPhoneNumber</Item>
            <!-- Presumably shown when ConvertStringToPhoneNumberClaim rejects the input; verify wording against the engine behaviour. -->
            <Item Key="UserMessageIfClaimsTransformationInvalidPhoneNumber">Please enter a valid phone number and country code.</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
          </CryptographicKeys>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="countryCode"/>
            <InputClaim ClaimTypeReferenceId="phoneNumber"/>
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="countryCode"/>
            <OutputClaim ClaimTypeReferenceId="phoneNumber"/>
            <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="CombineCountryCodeAndNationalNumber"/>
          </ValidationTechnicalProfiles>
        </TechnicalProfile>
        <!-- Validation profile: no I/O, only runs ConvertStringToPhoneNumber as an
             input transformation and returns the resulting identity claim. -->
        <TechnicalProfile Id="CombineCountryCodeAndNationalNumber">
          <DisplayName>Combine country code and national number</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
          <InputClaimsTransformations>
            <InputClaimsTransformation ReferenceId="ConvertStringToPhoneNumber"/>
          </InputClaimsTransformations>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
          </OutputClaims>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
        </TechnicalProfile>
        <!-- Step 2: directory read keyed on signInNames.phoneNumber. Protocol and
             credentials come from AAD-Common in the base policy.
             NOTE(review): RaiseErrorIfClaimsPrincipalDoesNotExist="true" with the
             message below tells an unauthenticated caller whether a given phone
             number is registered in the tenant (account enumeration). Acceptable
             for a read demo; for a public sign-in flow prefer a generic message. -->
        <TechnicalProfile Id="AAD-UserReadUsingPhoneNumber">
          <Metadata>
            <Item Key="Operation">Read</Item>
            <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">false</Item>
            <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
            <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">Error - that phone number doesn't exist.</Item>
          </Metadata>
          <IncludeInSso>false</IncludeInSso>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId"/>
            <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
            <OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
            <!-- Optional claims -->
            <OutputClaim ClaimTypeReferenceId="displayName"/>
          </OutputClaims>
          <IncludeTechnicalProfile ReferenceId="AAD-Common"/>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <UserJourneys>
    <!-- Collect number -> read user -> issue token.
         NOTE(review): nothing in this journey proves possession of the phone
         number (no OTP/verification step) before step 3 issues a JWT whose "sub"
         is the matched user's objectId. As written this is suitable only as a
         read demonstration, not as a production sign-in journey; insert a
         verification step from the MFA base policy before SendClaims if it is
         ever used for authentication. -->
    <UserJourney Id="SignIn-PhoneNumber">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="ObtainPhoneNumber" TechnicalProfileReferenceId="ObtainPhoneNumber"/>
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="UserReadUsingPhoneNumber" TechnicalProfileReferenceId="AAD-UserReadUsingPhoneNumber"/>
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb"/>
    </UserJourney>
  </UserJourneys>
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignIn-PhoneNumber"/>
    <UserJourneyBehaviors>
      <!-- InstrumentationKey is redacted in this gist ("410...5d0"); substitute the real
           key. Server-side telemetry is on and DeveloperMode is on, so claim values
           may be logged (see the note on DeploymentMode at the top of the file). -->
      <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="410...5d0" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/>
    </UserJourneyBehaviors>
    <!-- Claims released in the OIDC token: display name, the phone identity,
         objectId as "sub", and the tenant object id. -->
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect"/>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName"/>
        <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber"/>
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/>
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub"/>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>