Closed bolt-io closed 5 months ago
@bolt-io Thanks for your feedback! We will investigate and update as appropriate.
@bolt-io. I apologize for the delay responding to your issue. I have forwarded your issue to our engineering team to comment. Thanks!
Thanks for raising this issue in Azure documentation. Unfortunately, at this time we have been unable to review or resolve your issue in a timely manner and we sincerely apologize for the delayed response. We have captured your feedback for consideration in future documentation updates and are now closing this issue. To discuss further, you can also get answers from community experts in Microsoft Q&A. If you have a support plan and you need technical help, create an Azure support request.
Using the new developer portal experience with MSAL pointing to Azure AD B2C with custom policies.

It seems that if the JWT returned by B2C custom policies has a different object ID than the `sub` claim, the user will not be created. A POST to the `/users` endpoint returns a 403 HTTP code and the following response:

We have confirmed that once the `oid` and `sub` claims match, the users are created successfully and the `/users` endpoint returns a 201 HTTP code.

Is this expected?

Note, the reason the `oid` and `sub` do not match is due to using Azure AD B2C with local accounts (works fine as oid and sub match) and federated with Azure AD. When federating with Azure AD we use the Azure AD object ID to maintain APIM access/subscriptions they had before.
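A quick way to check a token for the condition described in the issue above (`oid` and `sub` carrying different values), as an added example that is not part of the original issue or of API Management's own code. The function names and the sample tokens are constructed for illustration; the payload is decoded without signature verification, so this is for diagnosis only.

```javascript
// Added diagnostic, not code from the issue or from API Management.
// Decodes a JWT payload WITHOUT verifying the signature: use it only to
// inspect a token issued for your own tenant, never to authorize anything.

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('expected a compact JWT with three dot-separated parts');
  }
  // base64url -> base64, restoring the padding that JWTs strip
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Reports whether the token is in the state the issue describes:
// both claims present but with different values.
function checkOidSub(token) {
  const { oid, sub } = decodeJwtPayload(token);
  if (oid === undefined || sub === undefined) {
    return { status: 'missing-claim', oid: oid ?? null, sub: sub ?? null };
  }
  return { status: oid === sub ? 'match' : 'mismatch', oid, sub };
}

// Helper that builds constructed sample tokens (placeholder signature).
function makeSampleToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
      .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Constructed claims with placeholder GUIDs: a local account (claims equal)
// and a federated account whose policy emits the Azure AD object ID as oid.
const localToken = makeSampleToken({
  oid: '00000000-0000-0000-0000-000000000001',
  sub: '00000000-0000-0000-0000-000000000001',
});
const federatedToken = makeSampleToken({
  oid: '00000000-0000-0000-0000-0000000000aa',
  sub: '00000000-0000-0000-0000-0000000000bb',
});

console.log('local account:    ', checkOidSub(localToken).status);
console.log('federated account:', checkOidSub(federatedToken).status);
```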