azure, azure-ad-b2c, azure-ad-msal

Azure B2C - MSAL - Can I update the claims in an existing session without doing a sign-out/sign-in?


I am working on a system using Azure B2C where a user can have several companies. The user has access roles to the platform, but the companies have access roles to specific modules or functionalities, so the client's roles are the set of their roles + the roles of the active company. What is the problem? I am managing the roles as claims generated at sign-in using token enrichment, but when a client changes the company in an active session and I refresh the token, the claims are not updated because they don't call token enrichment again, and I couldn't find a way to force MSAL to do it.

So, is there a way to update the claims or a specific claim from MSAL and obtain a new access token with the updated claims without having to do a sign-out/sign-in?


Solution

  • There isn't a "proper" way to do this.

    Some people do sign out / sign in under the hood.

    The closest is CAE, but that's only for Exchange Online, SharePoint Online, Teams, and MS Graph.
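As an added example that is not part of the question or the answer: a small client-side helper for a SPA whose B2C tokens carry the user's own roles plus the active company's roles, which decides when the "sign out / sign in under the hood" fallback is required. The claim names (extension_Roles, extension_CompanyRoles, extension_ActiveCompany) and the company ids are assumptions, not values from the page.

```javascript
// Added example (not code from the question or the answer). Client-side helper for
// a SPA whose B2C tokens carry the user's own roles and the active company.
// Claim names extension_Roles, extension_CompanyRoles and extension_ActiveCompany
// are hypothetical; use whatever your token-enrichment API actually emits.

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  // Buffer for Node; in the browser use atob() instead.
  return Buffer.from(padded, "base64").toString("utf8");
}

// Decode only: the client reads claims for UI decisions. Authorization must
// still be enforced server-side after verifying the token signature.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Effective roles = user's own roles + roles of the company active at sign-in.
function effectiveRoles(claims) {
  const own = claims.extension_Roles || [];
  const company = claims.extension_CompanyRoles || [];
  return [...new Set([...own, ...company])].sort();
}

// Claims are fixed when the token is issued and, as the question reports, token
// enrichment is not re-run on refresh, so a silent refresh still returns the old
// company roles. If the company the user selected differs from the one baked into
// the token, the app has to start a new interactive sign-in (loginRedirect or
// loginPopup), which is the "sign out / sign in under the hood" approach.
function needsReauth(token, selectedCompanyId) {
  return decodeJwtPayload(token).extension_ActiveCompany !== selectedCompanyId;
}

// Constructed, unsigned sample token (alg "none", empty signature) for the demo only.
function sampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const payload = {
    sub: "user-1",
    extension_ActiveCompany: "contoso",
    extension_Roles: ["platform.user"],
    extension_CompanyRoles: ["billing.read", "platform.user"],
  };
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.`;
}
```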