Azure AD B2C: How to revoke refresh tokens?

Welcome back to the… but first:

That was quite a break since my last post here… But enough of my laziness, it’s time to resume the Azure AD B2C series (or should I already call it Azure AD External Identities maybe?), the rest of the blog and my other community activities which died out recently.

So, welcome back to the AAD B2C series!


While using OAuth you sooner or later encounter a refresh token which allows retrieving new access token for application without any user interaction. However, as you add new features, applications, etc. and your solution grows you might meet with a challenge of invalidating those tokens. This posts covers different scenarios and options you have to do that in Azure AD B2C service.

Continue reading “Azure AD B2C: How to revoke refresh tokens?”

AAD B2C Quick Tips: query string parameters


Maybe my idea or use case I came up with was weird and it’s my fault in general but I battled the problem of passing a parameter inside the AAD B2C policy for over a day with no progress at all.

I tried docs, StackOverflow, I’ve read all conversations in Azure Advisors which could give me a hint how to handle it, I cloned the AAD B2C Samples repository and searched it thoroughly.

I’ve applied every combination I found but still my policy was either throwing errors (some handled gracefully, some not) or it was utterly ignoring my efforts to make it do what I wanted it to do (doing nothing or passing the claim resolver ‘code’ as an actual value, completely unresolved)

The breakthrough was sudden and a bit unexpected as I was slowly starting to think there might be something fundamentally wrong with my tenant. I’ll leave my solution for your future reference, maybe it will save someone’s time.

Continue reading “AAD B2C Quick Tips: query string parameters”

Azure AD B2C: SLA and estimated availability

Hello again in the Azure AD B2C series!


Service availability is a very important factor. Azure AD B2C, being one of the services, has an SLA coming with it. The number is given, it can be included in estimating overall solution availability, the case should be fairly simple. But is it really?

This time the post is not only on custom policies but also on build-in ones and on solutions using AAD B2C service. I planned to write about something different at this point of the series but as the work is already in progress I was inspired by a video on estimating services availability (video in Polish only) by a Microsoft Azure MVP, Marek Grabarz to do something on service availability in the context of AAD B2C.

Continue reading “Azure AD B2C: SLA and estimated availability”

Azure AD B2C: Custom policies – importing the exported

Hello again, this is the Azure AD B2C Custom Policies post series.


I started the series with a description of how to begin working with custom policies and showing my favourite way to do this. In short – instead of using any example policies published on the Internet, which may be outdated and not exactly match our requirements, I suggested exporting the existing build in policies after configuring them as closely to requirements as possible. This post will explain how to make this exported content importable back. Because, surprise, it is not.

Continue reading “Azure AD B2C: Custom policies – importing the exported”

Azure AD B2C: Custom policies – the structure

Hello again to the Azure AD B2C post series. I’m glad you’re still here!


This posts content covers mainly the general structure of build-in
policies (and the custom ones, at the point of exporting) as seen in documentation and as in actual exported policies. It is making an introduction to what can be found in policies structure and will serve as a point of reference later in the series.

Continue reading “Azure AD B2C: Custom policies – the structure”

Azure AD B2C: Custom policies – tools & resources

Welcome again to the Azure AD B2C post series!


In this post I will tell about tools and resources that help (or are essential) while working with custom policies. 

However, wanting this post to be as practical as possible I’ll start from tooling which will help in analyzing and moving around in the policy content we exported in ther first post of the series and list valuable resources at the end.


The content we exported in the first post with a little help from browser’s Developer mode and Postman is an XML file. A rather big XML file for that matter, at least when it comes to being handled by a human. Although the sheer size and number of things inside can be a bit intimidating we will try to deal with it part by part, element by element and tools will help us.

Continue reading “Azure AD B2C: Custom policies – tools & resources”

Azure AD B2C: Custom policies – how to begin?

Welcome to the Azure AD B2C post series!


This is the first post of the series and it is ment to shed some light on what to expect from working with custom policies and to show what I did and what worked for me. I will not delve into definitions of what a B2C is, what Azure AD and Azure AD B2C are as there are lots of more competent people who have already written on that subject. What I will try to explain however are some chosen concepts which, if not clarified, would make posts seem incomplete, disconnected from reality and useful only for a handful of professionals already having experience in the subject.

So, having said that, here we go. Continue reading “Azure AD B2C: Custom policies – how to begin?”