Hello @Hamza Khalid,

Based on your description, it seems that you're encountering an issue with external IDP users in Azure AD B2C when the application attempts to silently obtain an access token using a refresh token. The process fails with the error:
"AADB2C90128: The account associated with this grant no longer exists. Please re-authenticate and try again."
This issue likely arises because your custom policy might only include a sign-in flow without a sign-up flow.
The error occurs when you try to request a new token by redeeming the refresh token of a deleted user. For external IDP users, refresh tokens do not persist user information unless a sign-up flow has been used. By design, refresh tokens must match an existing user record.
When users go through the flow, they receive an access token based on the claims provided. The refresh token then uses this stored information to validate the user's existence. If the user record is missing, the refresh token validation fails.
The redemption flow fails with the following exception, indicating that the user record does not exist:
Microsoft.Cpim.Data.UserNotFoundException: This user does not exist, and the profile 'AAD-UserReadUsingObjectId-CheckRefreshTokenDate' requires the user to have already been created. Microsoft.Cpim.Data.UserNotFoundException: The technical profile with ID "AAD-UserReadUsingObjectId-CheckRefreshTokenDate" in policy "B2C_1A_xxxx_signin" of tenant "b2cdomain.onmicrosoft.com" requires an error to be raised if the claims principal record does not exist. A claims principal of type "User" with identifier claim type ID "Microsoft.Cpim.Protocols.Claim" was not found.
To understand this issue, ensure that users go through a sign-up flow so that their information is properly stored, allowing the refresh token to validate against an existing user record.
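As an added illustration (not part of the answer above, and not Azure AD B2C or MSAL code), the following shows how a client can handle the AADB2C90128 response described here. B2C returns a standard OAuth 2.0 error body from the token endpoint, with the AADB2C code as the prefix of `error_description`; the function below classifies that body, evicts the cached refresh token when the grant can never succeed again, and signals that the user must go back through interactive sign-in. The token-cache structure, the `user_key` parameter and the sample responses are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Azure AD B2C prefixes error_description with its own code, e.g. "AADB2C90128: ...".
_B2C_CODE = re.compile(r"^(AADB2C\d+):")


@dataclass
class TokenResult:
    access_token: Optional[str] = None
    error: Optional[str] = None
    b2c_code: Optional[str] = None
    # "use_token" | "reauthenticate" | "retry" | "fail"
    action: str = "fail"


def extract_b2c_code(error_description: str) -> Optional[str]:
    """Return the AADB2C error code at the start of error_description, if any."""
    match = _B2C_CODE.match(error_description or "")
    return match.group(1) if match else None


def handle_refresh_response(body: dict, token_cache: dict, user_key: str) -> TokenResult:
    """Classify a token endpoint response to a refresh_token grant.

    token_cache maps a user key (assumed here to be the objectId/'sub' claim)
    to the tokens stored for that user. On AADB2C90128 the grant refers to a
    user record that no longer exists, so the cached refresh token is dropped
    and the caller is told to re-authenticate instead of retrying silently.
    """
    if "access_token" in body:
        entry = token_cache.setdefault(user_key, {})
        if "refresh_token" in body:
            entry["refresh_token"] = body["refresh_token"]  # rotate if a new one was issued
        return TokenResult(access_token=body["access_token"], action="use_token")

    error = body.get("error", "unknown_error")
    code = extract_b2c_code(body.get("error_description", ""))

    if code == "AADB2C90128" or error == "invalid_grant":
        # Deleted user, or an expired/revoked refresh token: silent renewal cannot succeed.
        token_cache.pop(user_key, None)
        return TokenResult(error=error, b2c_code=code, action="reauthenticate")
    if error in ("temporarily_unavailable", "server_error"):
        return TokenResult(error=error, b2c_code=code, action="retry")
    return TokenResult(error=error, b2c_code=code, action="fail")


# Constructed sample responses (not captured from a real tenant).
SAMPLE_DELETED_USER = {
    "error": "invalid_grant",
    "error_description": (
        "AADB2C90128: The account associated with this grant no longer exists. "
        "Please re-authenticate and try again."
    ),
}
SAMPLE_SUCCESS = {
    "token_type": "Bearer",
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token-2",
    "expires_in": 3600,
}

if __name__ == "__main__":
    cache = {"objectid-example": {"refresh_token": "constructed-refresh-token-1"}}
    result = handle_refresh_response(SAMPLE_DELETED_USER, cache, "objectid-example")
    print(result.action, result.b2c_code, "cache entry kept:", "objectid-example" in cache)
    result = handle_refresh_response(SAMPLE_SUCCESS, cache, "objectid-example")
    print(result.action, cache["objectid-example"]["refresh_token"])
```

The point of evicting the cache entry is operational: an app that keeps retrying a refresh token for a deleted user will log the same AADB2C90128 failure on every silent renewal, so treating the first occurrence as a terminal "send the user back through the sign-up or sign-in policy" decision keeps both the user experience and the sign-in logs clean.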