AD B2C access token claims missing when signing in multiple apps

Rafael Caviquioli 20 Reputation points
2024-03-22T15:58:40.64+00:00

Considering that applications A and B are connected to the same AD B2C tenant and using the same custom policy (b2c_1a_signinup).

Problem: When signing in multiple applications, the second application gets a access token not containing the given_name and surname claims.

How to reproduce the problem:

  • The user is NOT logged on to apps A or B.
  • The user signs in with a Microsoft Account on app A.
  • See the user name properly in the application (in the token).
  • Open the app B URL and click on sign in. SSO takes place so the user is automatically logged in without prompting the authentication step.
  • Don't see the username in the application (token).

Notes:

  • If the user signs in app B and then goes to app A the problem also happens.
  • If app B gets a new token with a refresh token, the missing claims are present properly.

This problem does NOT happen with email & password accounts, only with social accounts,

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,805 questions
0 comments No comments
{count} votes