I have an OIDC enterprise connection configured for an Azure B2C tenant. I create an invite for an Azure B2C user, follow the invite link, authenticate with Azure B2C, redirect back to a React SPA app, and then get an error on callback: “the specified account is not allowed to accept the current invitation” (checked in the Auth0 logs). I decoded the ID token issued by the Azure B2C client. It looks like the required claims are there, but I’m not sure the emails claim is being recognized by Auth0. The claim for email is in fact an array type named emails; for my test user there’s only a single email address. Could this be the issue?
I notice the invitation does disappear, so it looks like it’s being matched up, but maybe it fails since it can’t parse the email. I’m not too familiar with Azure B2C and see no obvious way to force it to send a singular email claim to test my theory. Thanks for any help.
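
One way to check the theory in the post above, as an added example that is not part of the original post: it decodes an ID token payload locally (inspection only, no signature verification) and reports whether the address arrives as a string `email` claim or only inside an `emails` array. The function names and the sample token are constructed for illustration; that Auth0 matches the invitation on a string `email` claim is the post's hypothesis, which this code does not confirm.

```javascript
// Added example: inspect how an ID token carries the user's email address.
// The payload is decoded WITHOUT signature verification; local inspection only.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a 3-segment compact JWT');
  // base64url -> base64; Node tolerates missing padding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Report the shape of the email-bearing claims (hypothetical helper).
function emailClaimShape(claims) {
  if (typeof claims.email === 'string' && claims.email !== '') {
    return { shape: 'email-string', addresses: [claims.email] };
  }
  if (Array.isArray(claims.emails)) {
    const addresses = claims.emails.filter((e) => typeof e === 'string');
    if (addresses.length > 0) return { shape: 'emails-array-only', addresses };
  }
  return { shape: 'missing', addresses: [] };
}

// True when any address in the token equals the invited address (case-insensitive).
function tokenContainsInvitee(claims, inviteeEmail) {
  const want = inviteeEmail.trim().toLowerCase();
  return emailClaimShape(claims).addresses
    .some((a) => a.trim().toLowerCase() === want);
}

// Constructed sample: builds a token from the given claims with a placeholder
// signature, so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Constructed claims mimicking the post: the address is only in an `emails` array.
const sampleToken = makeSampleToken({ sub: 'constructed-sub', emails: ['User@example.com'] });
const sampleClaims = decodeJwtPayload(sampleToken);
console.log(emailClaimShape(sampleClaims),
  tokenContainsInvitee(sampleClaims, 'user@example.com'));
```

An `emails-array-only` result with a matching address means the invited address is in the token but not under a string `email` claim, which is the case the post asks about.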