I have an Azure Active Directory B2C account. The client and web API of the application are registered there. There are also user flows, for example, for registration and login. The web API (ASP.NET Core Web API) is protected by a B2C token. How do I implement logic in which, after the user logs in to the system, the web API application can validate the B2C token and exchange it for its own token, with the claims I need? Or maybe you can immediately add your custom claims to the B2C token, provided that the claims are stored in a database on their own server?

I studied a bunch of documentation from Microsoft. The first thing I discovered was the use of API connectors: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-api-connector-token-enrichment?pivots=b2c-user-flow Maybe this is my decision? But I didn't understand how to check this locally from localhost.

Please share the best practices for writing such logic.

1 Answer

As per your link, you need to use custom policies.

In the link, you see e.g. "balance" (a custom claim) returned from the API call and added to the JWT for the RelyingParty.

You don't need to convert tokens - just call the API.

There are a number of options to secure your API.

You can return error messages.

rbrayb
  • @rbrayb Thanks for the answer. Is it possible to implement an example with a balance, but through a user flow? I only need to add one custom claim to the B2C token, and the logic with custom policies looks overwhelming and complicated for that. I tried according to the documentation but ran into a problem. More info here: [link](https://stackoverflow.com/questions/69562819/how-to-enrich-azure-b2c-token-with-custom-claims-using-api-connectors-and-asp-ne) – Александр Климук Oct 14 '21 at 12:31
  • I may be researching in the wrong direction; correct me if possible – Александр Климук Oct 14 '21 at 12:57
  • Indeed you can - https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-user-flow – rbrayb Oct 14 '21 at 18:56
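
Added example, not part of the thread above and not Microsoft's sample code: a minimal ASP.NET Core endpoint of the kind an API connector calls for token enrichment, authenticating the connector with Basic credentials and returning one custom claim. The route, config keys, in-memory lookup and claim name are assumptions; the `objectId` request field and the `version`/`action` response fields are taken from the API connector contract described in the linked documentation and should be confirmed there.

```csharp
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

var app = WebApplication.CreateBuilder(args).Build();

// Assumed config keys: the username/password set on the API connector in B2C.
var user = app.Configuration["Connector:User"];
var password = app.Configuration["Connector:Password"];
if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
    throw new InvalidOperationException("API connector credentials are not configured.");
var expected = Encoding.UTF8.GetBytes($"{user}:{password}");

// Hypothetical stand-in for the database on your own server (constructed values).
var balances = new Dictionary<string, string> { ["00000000-0000-0000-0000-000000000001"] = "202" };

app.MapPost("/b2c/enrich", async (HttpRequest request) =>
{
    // Reject any caller that does not present the connector's credentials.
    if (!IsAuthorized(request.Headers.Authorization.ToString(), expected))
        return Results.Unauthorized();

    // B2C posts the user's claims as a JSON object; only objectId is used here.
    JsonElement body;
    try { body = await JsonSerializer.DeserializeAsync<JsonElement>(request.Body); }
    catch (JsonException) { return Results.BadRequest(); }
    if (body.ValueKind != JsonValueKind.Object ||
        !body.TryGetProperty("objectId", out var id) || id.ValueKind != JsonValueKind.String)
        return Results.BadRequest();

    // Return only the one claim this endpoint owns, never the request echoed back.
    // The claim name is a placeholder for the user flow's custom attribute.
    var response = new Dictionary<string, object> { ["version"] = "1.0.0", ["action"] = "Continue" };
    if (balances.TryGetValue(id.GetString()!, out var balance))
        response["extension_<extensions-app-id>_Balance"] = balance;
    return Results.Json(response);
});

app.Run();

static bool IsAuthorized(string header, byte[] expected)
{
    const string scheme = "Basic ";
    if (!header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)) return false;
    // Constant-time comparison of the decoded "user:password" bytes.
    try { return CryptographicOperations.FixedTimeEquals(
        Convert.FromBase64String(header[scheme.Length..].Trim()), expected); }
    catch (FormatException) { return false; }
}
```

Since the contract is a plain JSON POST, the endpoint can be exercised on localhost by posting a constructed body with the Basic header; B2C itself can only call it at a publicly reachable HTTPS URL.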