azure-ad-b2c

We have Azure AD B2C setup to use Identity Experience Framework, and on sign-in/sign-up a REST call is made to get extra security credential claims via an Azure Function. This works fine. When we request an Access/Id Token via Refresh_Token via Azure AD B2C it looks like we get the same token back, and it doesn't call the REST API to get the latest updated token claims. Is it possible to make change this User Journey so it does? Is there another solution to refresh token without logging in again to get latest updates? (We could get around this in code and not using the Token, but for various

I am using MSAL.js and could successfully sign-in/sign-up users in Azure AD B2C using Facebook as identity provider. The problem is that after sign-in I cannot retrieve user's profile picture. Azure AD B2C returns an object identifier which has no tie to user's Facebook id. Using custom policies, you can retrieve the picture field for the Facebook user and then issue a picture claim in the ID token, as follows. 1: Complete the Azure Active Directory B2C: Get started with custom policies steps with one of the social account policies such as the SocialAndLocalAccounts one. 2: Declare a "picture"

Scenario: When I started to do a test with AAD B2C Custom policy, I used this sample: active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/ I referred to this documentation to get started. I followed those steps and changed some values in the samples and have double checked the client_id and resource_id. When I tried to run the signup or signin policy, I failed to signin with a local account with error: (Though I can signin with soical account) Invalid username or password I used Fiddler to catch the traffic, here is the request and response when I came across the error:

We have a custom Azure AD B2C Sign-in/Sign-up policy in place (SAML-based, the default policy doesn't do what we need). We're able to customize the page UI as expected, via a content definition like: <ContentDefinition Id="api.localaccountsignin"> <LoadUri>https://example.com/SAMLSignIn.html</LoadUri> <RecoveryUri>~/common/default_page_error.html</RecoveryUri> <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri> <Metadata> <Item Key="DisplayName">Local account sign in page</Item> </Metadata> </ContentDefinition> But attempting to customize the error page, via:

The scenario is this: we have added Microsoft iDP to our app. The user can click the Microsoft Account button and use their MSA account to sign-up\sign-in. When the user signs up we'd like to validate the e-mail against our database. If the user's email is in our database, let them proceed and signup; otherwise we'd like to prevent them from signing up and display an error message. This would prevent creating a User in our Azure B2C AD. I used the following TechnicalProfile : <TechnicalProfile Id="REST-ValidateEmail"> <DisplayName>Validate Membership Email</DisplayName> <Protocol Name=

I'm new to Azure ADB2C, and am confused by some of the terminology. I am building a motorcycle ride monitoring website that I would like users to be able to log in to by verifying a social media identity (Google & Microsoft Account, for now). But I only want users who are members of the site to be able to use certain features. For example, I'd like everyone who authenticates to be able to apply for membership, read about the benefits of membership, etc., but I only want members to be able to initiate ride monitoring. Is the recommended approach here to only authorize (rather than authenticate,

On this article below, below is mentioned https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs " Consider using the Graph API for user migration ..." However, when I clicked the link provided below https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet "You must use the Azure AD Graph API to manage users in an Azure AD B2C directory" However, the link below has different recommendation: "we recommend the use of Microsoft Graph over Azure AD Graph, as Microsoft Graph is where we are investing for Microsoft