My company is transitioning from Azure AD B2C user flows to custom policies to accommodate more complex scenarios, such as account linkage. In our directory, we have users with Microsoft accounts (e.g., live.com). We've encountered an issue while attempting to sign in existing users with live.com identities through custom policies.
The problem arises because the "IssuerAssignedId" does not directly map from the "oid" claim, which prevents us from correlating the user with the "IssuerAssignedId" stored in the directory.
What claim should I utilize to correlate the user with the "IssuerAssignedId" stored in the directory within custom policies?
We have tried mapping the "IssuerAssignedId" from the "oid" claim as stated in this guide: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-custom-policy
Thank you for any insights or guidance on this matter.
Making my comment an answer. It seems it uses the "sub" claim instead of "oid". "sub" is the standard OpenID Connect claim to identify the user, so it makes sense.
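The mapping the answer describes, as an added example that is neither the original poster's policy nor code from the linked guide: a Microsoft Account OpenIdConnect technical profile that takes issuerUserId from "sub", with the guide's "oid" mapping left in as a comment. The technical profile Id, the key container name and the client_id value are assumptions; the layout follows the Azure AD B2C custom-policy starter pack.

```xml
<!-- Added example, not the poster's policy. Technical profile Id, key container name
     and client_id are placeholders (assumptions). -->
<ClaimsProvider>
  <Domain>live.com</Domain>
  <DisplayName>Microsoft Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="MSA-OIDC">
      <DisplayName>Microsoft Account</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <Item Key="ProviderName">https://login.live.com</Item>
        <Item Key="METADATA">https://login.live.com/.well-known/openid-configuration</Item>
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid profile email</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <Item Key="client_id">REPLACE-WITH-MSA-APPLICATION-ID</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_MSASecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Guide's mapping (issuerUserId from "oid"), which did not match the
             issuerAssignedId stored for existing live.com users:
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" /> -->
        <!-- Mapping per the answer: issuerUserId from the OIDC "sub" claim. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <!-- Must equal the "issuer" stored in the user's identities entry ("live.com"). -->
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="live.com" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- CreateAlternativeSecurityId combines identityProvider and issuerUserId into the
             key that the AAD-UserReadUsingAlternativeSecurityId profile looks up. -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Before switching the mapping in production, compare the value the policy now produces for issuerUserId against the issuerAssignedId of one existing live.com user read from the directory; the lookup only succeeds when both that value and the identityProvider value match what is stored.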