Azure B2C Custom Policy - ID/Access tokens are not getting latest claims through Refresh Token

About

Asked 20/8, 2019 at 12:27 Answered 22/1, 2023 at 8:19

azure azure-active-directory azure-ad-b2c azure-ad-graph-api identity-experience-framework

I've created Azure B2C custom policy to get claims in ID/Access token & getting refresh token through "authorization_code" grant. Then I've updated one of User claim i.e("displayName") through Azure AD Graph API. Next I've tried to get updated claim ("displayName") in ID/Access tokens by using above refresh token against same Azure B2C custom policy through "refresh_grant", However I don't get it.

I've tried "RefreshTokenUserJourneyId" in B2C policy as JWT issuer, but none works.

How should I get latest User claims in ID/Access tokens through refresh token grant once it's updated.

Help required.

Blacken answered 20/8, 2019 at 12:27 Comment(6)

Hi @Jeeva. What does the refresh token user journey do? Does it read the user object again? – Dorton 20/8, 2019 at 23:40

Hi Chris, Yes, it reads userobject before calls JwtIssuer. Am I missing something here? – Blacken 21/8, 2019 at 4:34

Hi @Jeeva. Does it read all of the user properties that you are wanting to re-issue? – Dorton 21/8, 2019 at 11:26

Hi Chris,Wanted to re-issue "displayName" in token, <OutputClaim ClaimTypeReferenceId="displayName" /> in RP. – Blacken 21/8, 2019 at 11:33

Hi, I am having the same issue where the latest user claims aren't coming though when using the refresh token journey as above. Did you manage to come up with a solution for this? Thanks. – Symbolic 17/12, 2019 at 12:28

@Blacken did you find the solution or workaround? i faced the same problem and cannot fix – Nomenclature 29/8, 2023 at 1:28

I also faced stale claims issue. I was able to get it done using this sample:

https://github.com/azure-ad-b2c/samples/tree/master/policies/refresh-token-journey

You will also face this issue when you want to refresh data in the token from the external identity provider (like Google). This sample also shows how to implement refresh for data from the external IDP:

https://github.com/azure-ad-b2c/samples/blob/master/policies/refresh-token-journey/policy/SignUpOrSignIn_RefreshTokenJourney_WithGoogle.xml

Mattoid answered 22/1, 2023 at 8:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags