
Managing Permissions with Azure AD B2C


I want to use Azure Active Directory B2C in my application. I will have a lot of permissions; for example, a certain user is allowed to read a table, write to the table, etc. This could be hundreds of permissions, if not thousands, if the application gets bigger. Should I use claims for this, or would it be better to store this in a database?

Is there a limit on the amount of claims? Are there downsides of using too many claims (like Kerberos token bloat in on-premises Active Directory)?


Solution

  • Yes, there is a limit to the amount of claims you can send. Claims are sent in the token which is included in the request header. Both browsers and web servers have a max header size.

    Also, since you need to include the token in every authenticated API call, you'd be bloating every request, adding unnecessary latency to your application.

    Note: This is not specific to Azure AD B2C.
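
An added illustration of the header-size point above (not part of the original answer): this Python sketch builds HS256-signed JWTs carrying a growing list of permission claims and measures the resulting `Authorization` header against a per-header limit. The 8 KiB limit, the `permissions` claim name, the permission strings and the signing key are assumptions made for the example; substitute the limits configured on your own servers and proxies.

```python
import base64, hashlib, hmac, json

HEADER_LIMIT = 8192  # assumption: 8 KiB per-header limit; check your own server/proxy setting
KEY = b"constructed-demo-key"  # constructed signing key, used only to get a realistic size

def b64url(data: bytes) -> str:
    """Unpadded base64url, as used by the JWT compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a compact HS256-signed JWT (header.payload.signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def auth_header_size(n_permissions: int) -> int:
    """Bytes of the 'Authorization: Bearer <token>' line with n permission claims."""
    claims = {
        "sub": "00000000-0000-0000-0000-000000000001",  # constructed user id
        # hypothetical claim: one string per table permission
        "permissions": [f"table{i:04d}.read" for i in range(n_permissions)],
    }
    return len("Authorization: Bearer " + make_token(claims))

def max_permissions_that_fit(limit: int = HEADER_LIMIT) -> int:
    """Largest permission count whose header stays within the limit."""
    lo, hi = 0, 1                      # invariant: lo fits, hi will not
    while auth_header_size(hi) <= limit:
        hi *= 2                        # grow until the header exceeds the limit
    while lo < hi - 1:                 # binary search between fitting and failing counts
        mid = (lo + hi) // 2
        if auth_header_size(mid) <= limit:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    for n in (0, 10, 100, 1000):
        print(f"{n:5d} permissions -> {auth_header_size(n):6d} header bytes")
    print("permissions that fit under the limit:", max_permissions_that_fit())
```

A token that carries only the user identifier keeps the header at a fixed size, which is the case for the database option raised in the question: the API resolves permissions server-side from the `sub` value.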