I am creating a custom signup signin policy in Azure B2C and am successfully able to get an access token using Msal.js in my Angular front end. When I try to send a request (with my JWT access token) to my .NET Core backend using authorization with B2C, I get a 401 response. I have a signup signin policy that uses the standard workflow, and a request using its access token works fine. I compared the attributes on the tokens and it looks like the oid claim is missing from the custom policy token. (All of the other claims seem to be optional.) Here is a comparison of the tokens:
Broken custom policy token:
{
aud: "..."
azp: "..."
exp: 1565534473
given_name: "..."
iat: 1565530873
iss: "https://login.microsoftonline.com/.../v2.0/"
name: "Aaron"
nbf: 1565530873
nonce: "001f61ed-61c7-4fac-b613-4a5a4e1c134e"
scp: "read"
sub: "..."
tid: "..."
ver: "1.0"
}
Working access token:
{
aud: "..."
azp: "..."
country: "United States"
emails: ["..."]
exp: 1565542145
given_name: "..."
iat: 1565538545
iss: "https://login.microsoftonline.com/.../v2.0/"
name: "..."
nbf: 1565538545
nonce: "ffd00fe6-dd02-4de1-ae06-8d6b6f0c8a81"
oid: "..."
scp: "read"
sub: "..."
tfp: "B2C_1_DefaultSignInSignUp"
ver: "1.0"
}
Is it necessary to have that oid claim? If so how do I add it to my custom policy (TrustFrameworkBase.xml)? Are there any other ways to get around this 401 response?
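The comparison above was done by eye. An added example (not the asker's code and not Azure B2C's) that automates the same check: it decodes the payload segment of two JWTs without verifying the signature (purely as a diagnostic, never as an authorization step), diffs their claim sets, and reports which of a configurable list of expected claims a token lacks. The two claim sets are constructed here with placeholder values that mirror the two tokens in the question; the list of expected claims is an assumption, since which claims a backend's bearer-token handler actually insists on depends on how that handler is configured.

```python
import base64
import json

# Constructed sample claim sets mirroring the two tokens in the question
# (placeholder values, not real tokens or identifiers).
CUSTOM_POLICY_CLAIMS = {
    "aud": "api-client-id", "azp": "spa-client-id", "exp": 1565534473,
    "given_name": "Aaron", "iat": 1565530873,
    "iss": "https://login.microsoftonline.com/tenant-id/v2.0/",
    "name": "Aaron", "nbf": 1565530873,
    "nonce": "001f61ed-61c7-4fac-b613-4a5a4e1c134e", "scp": "read",
    "sub": "user-object-id", "tid": "tenant-id", "ver": "1.0",
}
WORKING_CLAIMS = {
    "aud": "api-client-id", "azp": "spa-client-id", "country": "United States",
    "emails": ["user@example.com"], "exp": 1565542145, "given_name": "Aaron",
    "iat": 1565538545,
    "iss": "https://login.microsoftonline.com/tenant-id/v2.0/",
    "name": "Aaron", "nbf": 1565538545,
    "nonce": "ffd00fe6-dd02-4de1-ae06-8d6b6f0c8a81", "oid": "user-object-id",
    "scp": "read", "sub": "user-object-id", "tfp": "B2C_1_DefaultSignInSignUp",
    "ver": "1.0",
}

# Assumed list of claims the backend is expected to require; adjust to match
# the validation rules of the bearer-token handler actually in use.
EXPECTED_CLAIMS = ("iss", "aud", "exp", "nbf", "sub", "oid", "scp")


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def make_unsigned_jwt(claims: dict) -> str:
    """Build header.payload.signature with an empty signature, only to
    produce inspectable sample input. A real backend must reject such tokens."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


def decode_payload(token: str) -> dict:
    """Read the claim set without verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def diff_claims(token_a: str, token_b: str) -> dict:
    """Report claims present in only one token and shared claims whose values differ."""
    a, b = decode_payload(token_a), decode_payload(token_b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "differing_values": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


def missing_expected(token: str, expected=EXPECTED_CLAIMS) -> list:
    """Return the expected claims that the token does not carry."""
    claims = decode_payload(token)
    return [c for c in expected if c not in claims]


if __name__ == "__main__":
    broken = make_unsigned_jwt(CUSTOM_POLICY_CLAIMS)
    working = make_unsigned_jwt(WORKING_CLAIMS)
    print(json.dumps(diff_claims(broken, working), indent=2))
    print("missing from custom-policy token:", missing_expected(broken))
```

Run against real tokens, pass the two access tokens straight to `diff_claims`; the timestamp and nonce claims will always differ, so the interesting output is the `only_in_b` list and whatever `missing_expected` reports for the failing token. This narrows the 401 to a claim gap but does not by itself prove which claim the handler rejected; that still has to be read from the backend's authentication logs.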