We are using Azure B2C to authenticate our users, which is working fine. After signup we add some custom claims to our users, which were defined in the B2C portal as "User attributes", using the Graph API. When I log into the portal I can see these values have been set by our calls, as have some standard claim values (i.e. we also set Display Name by concatenating the givenName and lastName values).
The issue we are having is that after these values are set, they do not appear in the token retrieved by sending the access token to the authenticate endpoints until the user is logged out and back in again (which is obviously a pretty awful user experience after signup). It looks like the original id_token is cached when the user is created and that is what is being returned instead.
This doesn't make sense, as it seems perfectly sensible to let a user update their profile (claim values) while logged into an application and for those changes to take effect immediately without needing to re-authenticate?
Could someone explain how/if it is possible to force the cached id_token on the server to expire, so that when we request an id_token using an access token, the id_token contains the most up-to-date claim values?
OK, so after nearly a month of waiting for a response, the official line is:
"Product Group identify that this is on the roadmap even that we still don't have a final date it should happen in a few months."
So basically they haven't acknowledged it's a bug and they can't tell when this scenario will be supported. Pretty poor level of support to be honest.
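The only remedy the thread records is signing the user out and back in. Below is an added example (not code from the question's author or from Microsoft) of how a relying party can detect the situation described above and decide when that re-authentication is needed: it reads the `iat` of an id_token that the OIDC client library has already validated, compares it with the time the application's own Graph API update succeeded, and checks that the expected claims are present. The claim names are assumptions: `name` for Display Name, and `extension_LoyaltyTier` as a hypothetical custom attribute; the timestamps and tokens are constructed sample data, and the use of the standard OIDC `prompt=login` parameter to force an interactive sign-in is my choice, not something the thread states.

```python
import base64
import json

# Claim names the relying party expects once the Graph API profile update
# has been applied. "name" is the OIDC claim Azure B2C uses for Display Name;
# "extension_LoyaltyTier" is a hypothetical custom user attribute name.
EXPECTED_CLAIMS = ("name", "extension_LoyaltyTier")


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(id_token: str) -> dict:
    """Read the claims of an id_token that the OIDC client library has
    already validated (signature against the tenant JWKS, issuer, audience,
    expiry). This helper deliberately does no verification of its own."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def check_freshness(id_token: str, profile_updated_at: int, expected=EXPECTED_CLAIMS) -> dict:
    """Decide whether the claims in id_token predate the last profile update.

    profile_updated_at is the Unix time the application recorded when its
    Graph API PATCH succeeded. A token issued before that instant, or one
    missing any expected claim, cannot reflect the update.
    """
    payload = decode_payload(id_token)
    issued_at = int(payload.get("iat", 0))
    missing = [c for c in expected if c not in payload]
    return {
        "issued_at": issued_at,
        "missing": missing,
        "stale": issued_at < profile_updated_at or bool(missing),
    }


def reauth_params(result: dict) -> dict:
    """Extra authorize-request parameters to add when the token is stale.
    prompt=login (standard OIDC) asks for an interactive sign-in instead of
    reusing the existing session; assumed here to be the way to obtain a
    token issued after the profile update."""
    return {"prompt": "login"} if result["stale"] else {}


def make_sample_token(payload: dict) -> str:
    """Constructed, unsigned sample token for offline demonstration only;
    a real relying party must reject anything that fails signature checks."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(payload)}."


# Constructed timeline: signup, then the Graph PATCH five seconds later.
SIGNUP_AT = 1_700_000_000
PROFILE_UPDATED_AT = SIGNUP_AT + 5

# Token issued at signup: predates the update, no display name or custom claim.
CACHED_TOKEN = make_sample_token({"sub": "sample-user", "iat": SIGNUP_AT, "exp": SIGNUP_AT + 3600})

# Token issued by a fresh interactive sign-in after the update.
FRESH_TOKEN = make_sample_token({
    "sub": "sample-user",
    "iat": PROFILE_UPDATED_AT + 30,
    "exp": PROFILE_UPDATED_AT + 3630,
    "name": "Ada Lovelace",
    "extension_LoyaltyTier": "gold",
})

if __name__ == "__main__":
    for label, tok in (("cached", CACHED_TOKEN), ("fresh", FRESH_TOKEN)):
        r = check_freshness(tok, PROFILE_UPDATED_AT)
        print(label, r, reauth_params(r))
```

The staleness decision is made from two independent signals on purpose: the `iat` comparison catches a token that was minted before the update even if it happens to carry the same claim names, and the missing-claims check catches the case the question describes, where the token returned is the one created at signup and simply lacks the values set afterwards. Recording the Graph update time server-side is what makes the `iat` comparison possible; the token alone cannot tell you the profile changed.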