AD B2C: Where is Documentation for `{service:te}` In a Custom Policy Technical Profile?

AdamHilton-6671 20 Reputation points
2024-05-17T18:02:14.5066667+00:00

There are serval examples throughout the AD B2C documentation that utilize {service:te} as the value for the client_id. The following example was taken from here.

<TechnicalProfile Id="JwtIssuer">
  <DisplayName>JWT Issuer</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <OutputTokenFormat>JWT</OutputTokenFormat>
  <Metadata>
    <Item Key="client_id">{service:te}</Item>
    <Item Key="issuer_refresh_token_user_identity_claim_type">objectId</Item>
    <Item Key="SendTokenResponseBodyWithJsonNumbers">true</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
    <Key Id="issuer_refresh_token_key" StorageReferenceId="B2C_1A_TokenEncryptionKeyContainer" />
  </CryptographicKeys>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />
</TechnicalProfile>


I've been unable to find any documentation what exactly {service:te} is doing, what the expected structure is, or how it works. Is this feature documented somewhere that I'm just missing? It must be resolving to an App Registration client id at some point, but it's not clear how it's doing so.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,181 questions
{count} votes

Accepted answer
  1. James Hamil 22,891 Reputation points Microsoft Employee
    2024-05-17T20:25:24.76+00:00

    Hi @AdamHilton-6671 , this is just a placeholder for the actual client ID of an Azure AD B2C application! Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

0 additional answers

Sort by: Most helpful