Azure AD B2C - Extension attribute/claims

Jennifer 6 Reputation points

We currently have a Web App that communicates with an API (both in .NET Core).

I have successfully set up authentication, and want a user to be able to assign a role to other users and have that role appear in the Claims when they log in. So I created the user attribute Role :

I use the MS Graph API to retrieve users by their ID and assign them the role (among others) with the extension attribute ("extension_b2cExtensionsAppID_Attribute") thanks to this piece of code:

The request proceeds normally, my object contains the 2 additionalData :

But when this user connects, I can't find the data in the Claims, even though I specified that I wanted this information in my "sign in/sign up" user flow:

I have also tried this manipulation since without success.

Can you tell me what I am doing wrong?
I thank you in advance and wish you a nice day,

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,575 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jennifer 6 Reputation points

    Hi @AmanpreetSingh-MSFT ,

    Thanks for your answer. I finally found the solution to my problem. I have to use AddSessionTokenCaches() instead of AddInMemoryTokenCaches() as below :
    If we choose AddSessionTokenCaches(), the cache is linked to the user session. So if we disconnect, the token is updated.
    If we choose AddInMemoryTokenCaches(), the token is stored in memory. So if we restart the solution, it is lost.

    which sends me the information in the claims :

    Have a nice day,

    1 person found this answer helpful.
    0 comments No comments

  2. AmanpreetSingh-MSFT 56,216 Reputation points

    Hi @Jennifer · Thank you for reaching out.

    I don't think the problem is with your code. To confirm this, could you please try below steps to get a token without using your code.

    1. Registering a new Application in B2C, set reply url to, and select checkboxes for Access token and ID token under Authentication blade of the app.
    2. Use Run user flow option and select the application created in step 1.
    3. After successful authentication, you will be redirected to and the token will be decoded automatically.

    Additionally, you need to make sure the values for these attributes are populated. Attributes with null value are not returned in the token. Make sure you populate the values by profile editing policy for existing users and new users need to provide the value for these attributes during signup.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments