Update custom claims for already logged in user with Azure AD B2C

DigitalPro 1 Reputation point
2022-10-19T07:05:40.813+00:00

I am using Azure AD B2C and I am also using an API connector (before including application claims in token). My users' membership information will be taken from an external system. I am adding it into custom claims with the API connector user flow. My frontend will have other logic related to these custom claim values which I get with token enrichment. But when my user's membership is updated I want to update the already existing user's custom claims as well, again calling the same API connector/other method. But as per my understanding the API connector will be called only at the time of signup/signin and I cannot ask my user to sign out and sign in again to the application to get updated details.

While going through the documentation I was reading about refresh tokens and by using this refresh token we can get updated token values. I am using react azure b2c npm (https://www.npmjs.com/package/react-azure-b2c). How can I update my session storage with updated claims while my user is already logged in? Please help.


Microsoft Entra External ID

2 answers

  1. Shweta Mathur 28,921 Reputation points Microsoft Employee
    2022-10-20T13:01:54.97+00:00

    Hi @DigitalPro ,

    Thanks for reaching out.

    Unfortunately, as of now it is not possible to update the claims using API connector when refreshing the token. However, we can update the claims which are in the directory using refresh token.

    The API is only invoked during an initial authentication. When using refresh tokens to silently get new access or ID tokens, the token will include the values evaluated during the initial authentication.

    I would suggest you post this idea at the Azure Feedback Portal, which is monitored by the product team for feature enhancements.

    As a workaround, I am checking internally within the team whether we can update the claims using a custom policy calling REST API services or not.

    Hope this will help.

    Thanks,
    Shweta

    -----------------------------------------------

    Please remember to "Accept Answer" if answer helped you.
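    The rule stated in this answer (directory attributes are re-read on every token issuance, API-connector output only at the initial authentication) is enough for a frontend to decide whether a claim can still be trusted and which kind of refresh would bring it up to date. The following is an added example, not code from the post or from the react-azure-b2c package; it works on the decoded ID-token claims object and assumes the claim names `extension_Tier` and `membershipLevel`, which are placeholders for whatever the tenant's user flow emits.

```javascript
// Added example: decide whether a custom claim in a B2C ID token is current and,
// if not, whether a silent (refresh-token) renewal or an interactive sign-in is
// needed. Input is the decoded claims object (e.g. MSAL's account.idTokenClaims).

// Assumed claim names; the real names depend on the tenant's user flow.
const CLAIM_SOURCES = {
  extension_Tier: 'directory',      // custom attribute stored in the directory
  membershipLevel: 'apiConnector',  // produced by the API connector at sign-in
};

// Unix time (seconds) at which the token's value for this claim was evaluated:
// iat for directory attributes (re-read whenever a token is issued),
// auth_time for API-connector claims (evaluated only at the initial sign-in).
function evaluatedAt(claims, claimName) {
  const source = CLAIM_SOURCES[claimName];
  if (!source) throw new Error(`no source recorded for claim ${claimName}`);
  const t = source === 'directory' ? claims.iat : claims.auth_time;
  return typeof t === 'number' ? t : null;
}

// Returns 'none' (claim is current), 'silent' (a refresh-token call will pick up
// the new directory value) or 'interactive' (API-connector claims only change
// when the user authenticates again; a silent refresh will return the old value).
function refreshAction(claims, claimName, updatedAtUnix) {
  const source = CLAIM_SOURCES[claimName];
  const t = evaluatedAt(claims, claimName);
  if (t === null) return 'interactive';   // freshness cannot be proven
  if (updatedAtUnix <= t) return 'none';
  return source === 'directory' ? 'silent' : 'interactive';
}

// Constructed sample: user signed in at 10:00Z, token silently refreshed at 11:00Z.
const sampleClaims = {
  auth_time: 1666173600, // 2022-10-19T10:00:00Z
  iat: 1666177200,       // 2022-10-19T11:00:00Z
  extension_Tier: 'gold',
  membershipLevel: 'basic',
};

// Membership changed in the external system at 10:30Z: the directory attribute
// in this token already reflects it, the connector-enriched claim does not.
console.log(refreshAction(sampleClaims, 'extension_Tier', 1666175400));   // none
console.log(refreshAction(sampleClaims, 'membershipLevel', 1666175400));  // interactive
```

    The decision only tells the frontend which flow to trigger; authorization decisions belong in the API, which validates the token and can consult the external membership system directly.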


  2. Juan Pablo Garces 0 Reputation points
    2023-02-16T15:15:50.3666667+00:00

    For anyone interested: The latest starter pack includes the refresh token journey: github.com/Azure-Samples/…. The hook is via the endpoint: learn.microsoft.com/en-gb/azure/active-directory-b2c/…
