
Untitled

a guest
May 29th, 2025
    <!-- Account link and unlink journey.
         Steps 1 to 6 sign the user in with a local or social account and resolve the
         directory account (objectId). Steps 7 to 11 let the user pick a provider to link
         or unlink and update the account's identities collection. Step 12 issues the token.
         The technical profiles referenced below are defined elsewhere in the policy. -->
    <UserJourney Id="AccountLinkAndUnlink">
      <OrchestrationSteps>
        <!-- Step 1: combined sign-in / sign-up page. Offers the social providers listed
             below plus local account sign-in, which is validated in this same step by
             LocalAccountSigninEmailExchange. -->
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"
                           ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <!--Sample:
                IDP selection for sign-in with local or federated account -->
            <!-- <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange"/> -->
            <ClaimsProviderSelection TargetClaimsExchangeId="MicrosoftAccountExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="AppleExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="TwitterExchange" />
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange"
                            TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 2: runs the exchange chosen in step 1 (social sign-in or local sign-up).
             Skipped when an objectId claim already exists. -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="MicrosoftAccountExchange" TechnicalProfileReferenceId="MSA-OIDC-SignIn" />
            <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH-SignIn" />
            <ClaimsExchange Id="AppleExchange" TechnicalProfileReferenceId="Apple-OAUTH-SignIn" />
            <ClaimsExchange Id="TwitterExchange" TechnicalProfileReferenceId="Twitter-SignIn"/>
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 3: for social IDP authentication, attempt to find the user account in the
             directory. Skipped when authenticationSource is localAccountAuthentication. -->
        <OrchestrationStep Order="3" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
              <Value>authenticationSource</Value>
              <Value>localAccountAuthentication</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadUsingUserIdentity"
                            TechnicalProfileReferenceId="AAD-UserReadUsingUserIdentity-NoError" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 4: show the self-asserted page only if the directory does not already have
             the user account (i.e. we do not have an objectId).
             This can only happen when authentication happened using a social IDP. If a local
             account was created, or authentication was done using ESTS in step 2, then a user
             account must exist in the directory by this time. -->
        <OrchestrationStep Order="4" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="SelfAsserted-Social-v2"
                            TechnicalProfileReferenceId="SelfAsserted-Social-v2" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 5: reads any user attributes that we may not have received when
             authenticating using ESTS, so they can be sent in the token.
             Skipped when authenticationSource is socialIdpAuthentication. -->
        <OrchestrationStep Order="5" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
              <Value>authenticationSource</Value>
              <Value>socialIdpAuthentication</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadWithObjectId"
                            TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 6: the previous self-asserted step (SelfAsserted-Social) could have been
             skipped if there were no attributes to collect from the user. In that case,
             create the user in the directory if one does not already exist (verified using
             objectId, which would be set by an earlier step if the account was created in
             the directory).
             NOTE(review): the exchange is named AADUserWrite but it references
             AAD-UserReadUsingUserIdentity-NoError, the same read profile step 3 already ran.
             As written this step looks up the account again and does not create it, so a
             social sign-in with no directory account can continue into the link and unlink
             steps without an objectId. Confirm the intended target is the policy's
             user-write technical profile (not shown here). -->
        <OrchestrationStep Order="6" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserWrite"
                            TechnicalProfileReferenceId="AAD-UserReadUsingUserIdentity-NoError" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!--Sample:
            (Link and unlink) Step 7: displays the social account buttons for account
            linking and unlinking. Each provider has one link and one unlink selection. -->
        <OrchestrationStep Order="7" Type="CombinedSignInAndSignUp"
                           ContentDefinitionReferenceId="api.idpselections">
          <ClaimsProviderSelections DisplayOption="ShowSingleProvider">

            <!--MSA-->
            <ClaimsProviderSelection TargetClaimsExchangeId="LinkMicrosoftAccountExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="UnlinkMicrosoftAccountExchange" />
            <!--Google-->
            <ClaimsProviderSelection TargetClaimsExchangeId="LinkGoogleExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="UnlinkGoogleExchange" />
            <!--Apple-->
            <ClaimsProviderSelection TargetClaimsExchangeId="LinkAppleExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="UnlinkAppleExchange" />
            <!--Sample:
                Twitter-->
            <ClaimsProviderSelection TargetClaimsExchangeId="LinkTwitterExchange"/>
            <ClaimsProviderSelection TargetClaimsExchangeId="UnlinkTwitterExchange"/>
          </ClaimsProviderSelections>
        </OrchestrationStep>
        <!-- Sample: (Link and unlink) Step 8: redirect the user to the selected social
             provider to complete the sign-in and link the new account, or run the matching
             unlink profile. This step has no preconditions. -->
        <OrchestrationStep Order="8" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="LinkMicrosoftAccountExchange" TechnicalProfileReferenceId="MSA-OAUTH-Link" />
            <ClaimsExchange Id="UnlinkMicrosoftAccountExchange" TechnicalProfileReferenceId="MSA-Unlink" />
            <ClaimsExchange Id="LinkGoogleExchange" TechnicalProfileReferenceId="Google-OAUTH-Link" />
            <ClaimsExchange Id="UnlinkGoogleExchange" TechnicalProfileReferenceId="Google-Unlink" />
            <ClaimsExchange Id="LinkAppleExchange" TechnicalProfileReferenceId="Apple-OAUTH-Link" />
            <ClaimsExchange Id="UnlinkAppleExchange" TechnicalProfileReferenceId="Apple-Unlink" />
            <ClaimsExchange Id="LinkTwitterExchange" TechnicalProfileReferenceId="Twitter-Link" />
            <ClaimsExchange Id="UnlinkTwitterExchange" TechnicalProfileReferenceId="Twitter-Unlink"/>
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Sample: (Link only) Step 9: attempt to find the second user account in the
             directory. Skipped when linkOrUnlink is unlink.
             NOTE(review): the exchange Id below starts with three A's (AAAD...), unlike
             the AAD prefix used by the other exchanges; it looks like a typo. -->
        <OrchestrationStep Order="9" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
              <Value>linkOrUnlink</Value>
              <Value>unlink</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="AAADUserReadUsingUserIdentityToLink"
                            TechnicalProfileReferenceId="AAD-UserReadUsingUserIdentityToLink-NoError" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Sample: (Link only) Step 10: check whether the second user account already
             exists in the directory. If it does, we can't link it to the current account,
             because it already exists as a stand-alone account, so the error page is shown.
             The step is skipped when unlinking, and skipped when objectIdToLink is absent.
             This is the guard that keeps an identity owned by another directory account
             from being attached to the signed-in one; it presumably depends on the step 9
             lookup populating objectIdToLink (confirm in that technical profile). -->
        <OrchestrationStep Order="10" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
              <Value>linkOrUnlink</Value>
              <Value>unlink</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>objectIdToLink</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="SelfAssertedError" TechnicalProfileReferenceId="SelfAsserted-Error" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Sample: (Link and unlink) Step 11: update the identities collection with the
             linked or unlinked identity. This step has no preconditions, so it runs for
             both link and unlink. -->
        <OrchestrationStep Order="11" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="UpdateUserIdentities"
                            TechnicalProfileReferenceId="AAD-UserUpdateWithUserIdentities" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 12: issue the token through the JwtIssuer technical profile. -->
        <OrchestrationStep Order="12" Type="SendClaims"
                           CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb" />
    </UserJourney>