Custom policy not working with 2 JWTIssuers in Azure AD B2C

Akshay Kumar 0 Reputation points
2025-08-27T11:34:27.2633333+00:00

Hi Everyone,

I am trying to use 2 JwtIssuers (Default and JwtIssuerMobile) in a single UserJourney in custom policies in Azure AD B2C.
On the basis of an attribute/pre-conditions, I am trying to SendClaims from only one of the technical profiles (JwtIssuer / JwtIssuerMobile) in the final step.

Everything looks fine in case of default JwtIssuer.

When a request is identified to be coming from mobile, JwtIssuerMobile is invoked as expected (confirmed the same from App Insights).

The updated token lifetime for id_token is visible in the response, but in the case of the access token, the default token validity is being set instead of coming from the JwtIssuerMobile technical profile.

It seems that in the case of the access token, the validity is coming from the configuration present in the default JwtIssuer.

Also, on using 2 relying parties / separate UserJourneys, we are getting the expected validities.

Is this a B2C limitation, or do we need to do something specific to make sure the access token lifetime is also set the same way as the id_token?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

  1. Jose Benjamin Solis Nolasco 5,406 Reputation points
    2025-08-27T14:11:12.69+00:00

    @Akshay Kumar I hope you are doing well,

    Azure AD B2C currently does not support dynamically varying access token lifetimes based on multiple JwtIssuer technical profiles in a single UserJourney. While ID token lifetime is honored per issuer, access token validity is bound to the relying party policy. The supported pattern is to create separate RPs/UserJourneys for each case (default vs. mobile), each with its own JwtIssuer and token lifetimes.

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!
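
A diagnostic check for the symptom discussed in this thread, added here as an example (not code from either poster or from Microsoft): it decodes the id_token and access_token from a token response and compares each token's validity window with the lifetime configured for the issuer profile. The sample tokens, the 900-second and 3600-second values and all function names are constructed for illustration.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed JWT for the demo (never a real token)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"

def jwt_claims(token: str) -> dict:
    """Decode the payload only; no signature check, so use for diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-segment compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def lifetime_secs(token: str) -> int:
    """Validity window: exp minus nbf (falling back to iat)."""
    claims = jwt_claims(token)
    start = claims.get("nbf", claims.get("iat"))
    if start is None or "exp" not in claims:
        raise ValueError("token lacks exp or nbf/iat")
    return int(claims["exp"]) - int(start)

def check_lifetimes(response: dict, expected: dict) -> dict:
    """Map each token field to (expected_secs, actual_secs, matches)."""
    report = {}
    for field, want in expected.items():
        got = lifetime_secs(response[field])
        report[field] = (want, got, got == want)
    return report

# Constructed sample reproducing the reported behaviour: the id_token carries
# the mobile lifetime, the access token still carries the default one.
NOW = 1_756_000_000
SAMPLE_RESPONSE = {
    "id_token": make_sample_jwt({"iat": NOW, "nbf": NOW, "exp": NOW + 900}),
    "access_token": make_sample_jwt({"iat": NOW, "nbf": NOW, "exp": NOW + 3600}),
}
EXPECTED_MOBILE = {"id_token": 900, "access_token": 900}  # assumed mobile config

if __name__ == "__main__":
    for field, (want, got, ok) in check_lifetimes(SAMPLE_RESPONSE, EXPECTED_MOBILE).items():
        print(f"{field}: expected {want}s, actual {got}s -> {'OK' if ok else 'MISMATCH'}")
```

Running the same check against the token response of each relying party confirms whether a separate RP/UserJourney actually issues access tokens with the intended lifetime.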

