I have a custom sign-in policy that calls a custom REST API that fetches some information about the user from my database.
That information needs to be updated every once in a while, but I can afford to update it once an hour.
The problem is that we don't prompt the user to log in every hour. Instead, we refresh the token silently every hour with acquireTokenSilent.
I need to somehow intercept the acquireTokenSilent call, to make it call my custom REST API and pull the additional claims, just like I do in the custom sign-in policy.
Is there a way to do it?
The article "Configure the resource owner password credentials flow in Azure Active Directory B2C using a custom policy" describes how you can implement a user journey for the token refresh.
Specifically:
<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <Metadata>
        <!-- Point to the redeem refresh token user journey-->
        <Item Key="RefreshTokenUserJourneyId">ResourceOwnerPasswordCredentials-RedeemRefreshToken</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<UserJourney Id="ResourceOwnerPasswordCredentials-RedeemRefreshToken">
  <PreserveOriginalAssertion>false</PreserveOriginalAssertion>
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="RefreshTokenSetupExchange" TechnicalProfileReferenceId="SM-RefreshTokenReadAndSetup" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="CheckRefreshTokenDateFromAadExchange" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId-CheckRefreshTokenDate" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
</UserJourney>
You can add your API call to this user journey.
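As an added example that is not part of the original answer, here is one way the refresh journey above can be extended with the REST call: a RestfulProvider technical profile is declared, and a new ClaimsExchange step is inserted after the AAD read (which supplies objectId) and before the SendClaims step that issues the token. The technical profile Id REST-GetUserClaims, the service URL, the policy key names B2C_1A_RestApiUsername/B2C_1A_RestApiPassword and the claim accountTier are placeholders chosen for this example; the handler string and the metadata keys ServiceUrl, SendClaimsIn, AuthenticationType and AllowInsecureAuthInProduction are the ones B2C documents for the RestfulProvider.

```xml
<!-- Example only: Id, ServiceUrl, policy key names and claim names are placeholders. -->
<ClaimsProvider>
  <DisplayName>REST APIs</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="REST-GetUserClaims">
      <DisplayName>Fetch additional claims from the custom API</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://api.example.com/userclaims</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <!-- Do not use AuthenticationType=None: the API would then trust any caller
             that can reach it. Basic, Bearer or ClientCertificate are the alternatives. -->
        <Item Key="AuthenticationType">Basic</Item>
        <Item Key="AllowInsecureAuthInProduction">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Secrets live in policy keys, never inline in the policy XML. -->
        <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_RestApiUsername" />
        <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_RestApiPassword" />
      </CryptographicKeys>
      <InputClaims>
        <!-- objectId is populated by the AAD read in step 2 of the journey. -->
        <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" />
      </InputClaims>
      <OutputClaims>
        <!-- accountTier must also be declared in ClaimsSchema and listed in the
             relying party's OutputClaims, otherwise it never reaches the token. -->
        <OutputClaim ClaimTypeReferenceId="accountTier" PartnerClaimType="accountTier" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- The refresh journey with the REST call inserted before the token is issued. -->
<UserJourney Id="ResourceOwnerPasswordCredentials-RedeemRefreshToken">
  <PreserveOriginalAssertion>false</PreserveOriginalAssertion>
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="RefreshTokenSetupExchange" TechnicalProfileReferenceId="SM-RefreshTokenReadAndSetup" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="CheckRefreshTokenDateFromAadExchange" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId-CheckRefreshTokenDate" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Added step: the API is called on every refresh token redemption. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="RESTGetUserClaimsExchange" TechnicalProfileReferenceId="REST-GetUserClaims" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
</UserJourney>
```

Two practical caveats: the REST call now sits on the critical path of every silent refresh, so if the API is down or slow, acquireTokenSilent fails or stalls for the user; and the API is effectively an identity authority for whatever claims it returns, so it should authenticate B2C as a caller (as above) and return claims only for the objectId it was given.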