How can the Azure Active Directory Authentication Sevice be forced to reissue an id_token with updated claims? -


we using azure b2c authenticate our users working fine. after signup add custom claims our users defined in b2c portal "user attributes" using graph api. when log portal can see these values have been set our calls, have standard claims values(i.e. set display name concatening givenname , lastname values).

the issue having after these values set, not appear in token retrieved sending access token authenticate endpoints until user logged out , in again (which pretty awful user experience after signup). looks original id_token cached when user created , being returned instead.

this doesnt make sense, seems sensible let user update profile (claims values) while logged application , changes take affect without needing re-authenticate?

could explain how/if possible force cached id_token on server expire when request id_token using access token, id_token contains up-to-date claims values?

the issue having after these values set, not appear in token retrieved sending access token authenticate endpoints until user logged out , in again (which pretty awful user experience after signup).

would mind show request detail how acquire id_token?

based on test, can acquire id_token updated claim successful steps below:

1 . sign-in web app

2 . update displayname using azure ad graph below:

post: https://graph.windows.net/xxxx.onmicrosoft.com/users/{userid}?api-version=1.6 {      "displayname":"newvalue" }

3. re-request id_token oauth2.0 authorization endpoint using http request without sign-out/sign-in( can capture exact request using fiddler when sign-in app)

 get:https://login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/authorize?client_id={clientid}&redirect_uri={redirecturl}&response_type=id_token&scope=email+openid&response_mode=query&nonce=hwuavsky1pkscjc5q0xhsw%3d%3d&nux=1&nca=1&domain_hint={xxxx.onmicrosoft.com}

4 . update claim value show in new id_token expected

to narrow down issue, may see whether there cache id_token in app.


Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more