Hi,
I'm trying to set up Azure Active Directory B2C to use an existing external identity provider. For that purpose, I configured a custom identity provider through a custom policy which uses a hybrid authentication flow (code id_token).
Additionally, I want to pass an OIDC identity provider access token and refresh token to my application. My technical profile in the custom policy looks like:
<TechnicalProfile Id="Custom-OpenIdConnect">
  <DisplayName>Custom</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <Metadata>
    <Item Key="METADATA">URL</Item>
    <Item Key="response_types">code id_token</Item>
    <Item Key="response_mode">form_post</Item>
    <Item Key="scope">openid profile</Item>
    <Item Key="HttpBinding">POST</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="client_id">CLIENT_ID</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret" StorageReferenceId="CLIENT_SECRET" />
  </CryptographicKeys>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
    <OutputClaim ClaimTypeReferenceId="identityProviderRefreshToken" PartnerClaimType="{oauth2:refresh_token}" />
  </OutputClaims>
</TechnicalProfile>
A JWT token passed to the application contains an access token but does not contain a refresh token. The external identity provider returns both tokens (access token and refresh_token) but for some reason it appears that {oauth2:refresh_token} is not set.
Can someone point me in the right direction as I cannot figure out why the refresh token is not set?
Thanks,
Mihael
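Added diagnostic (not part of the post, and not Microsoft's own code): it parses the technical profile above, embedded here as a constructed sample trimmed to the inspected parts, together with a constructed, unsigned stand-in for the token B2C issues, lists which mapped {oauth2:...} claims are absent from that token, and flags whether the profile's scope includes offline_access, the scope through which OIDC Core 1.0 section 11 has a client request a refresh token; whether a particular external provider insists on that scope is provider-specific and is an assumption to verify against its documentation.

```python
import base64
import json
import xml.etree.ElementTree as ET
# Constructed sample: the TechnicalProfile from the post, trimmed to the parts inspected.
PROFILE_XML = """<TechnicalProfile Id="Custom-OpenIdConnect">
  <Metadata><Item Key="scope">openid profile</Item></Metadata>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
    <OutputClaim ClaimTypeReferenceId="identityProviderRefreshToken" PartnerClaimType="{oauth2:refresh_token}" />
  </OutputClaims>
</TechnicalProfile>"""

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed, unsigned stand-in for the token B2C hands the application: access-token claim present, refresh-token claim absent.
SAMPLE_JWT = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                       _b64url({"identityProviderAccessToken": "constructed-access-token"}),
                       "constructed-signature"])

def oauth2_claim_mappings(profile_xml):
    """ClaimTypeReferenceId -> token field for every {oauth2:...} PartnerClaimType."""
    return {c.get("ClaimTypeReferenceId"): c.get("PartnerClaimType")[8:-1]
            for c in ET.fromstring(profile_xml).iter("OutputClaim")
            if c.get("PartnerClaimType", "").startswith("{oauth2:")}

def requested_scopes(profile_xml):
    items = ET.fromstring(profile_xml).iter("Item")
    return next((i.text.split() for i in items if i.get("Key") == "scope"), [])

def decode_jwt_payload(jwt):
    """Decode only the payload segment; no signature check, so for inspection only."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def missing_token_claims(profile_xml, jwt):
    """Mapped {oauth2:...} claims that did not make it into the issued token."""
    present = decode_jwt_payload(jwt)
    return sorted(c for c in oauth2_claim_mappings(profile_xml) if c not in present)

def findings(profile_xml, jwt):
    """Checklist a reviewer would work through for this profile and token."""
    notes = []
    missing = missing_token_claims(profile_xml, jwt)
    if missing:
        notes.append("missing from issued token: " + ", ".join(missing))
    # OIDC Core 1.0 section 11: a client asks for a refresh token via the offline_access scope.
    if ("refresh_token" in oauth2_claim_mappings(profile_xml).values()
            and "offline_access" not in requested_scopes(profile_xml)):
        notes.append("refresh_token is mapped but offline_access is not in scope")
    return notes
```

Run `findings(PROFILE_XML, SAMPLE_JWT)` against a real profile and a real B2C-issued token (decoded payload only) to see the same two checks applied to your own setup.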