Hi @Emil Skov Rasmussen, both Azure AD B2C and Azure AD use JSON web tokens (JWTs) that contain assertions of information about the bearer and the subject of the token. However, the tokens used in Azure AD B2C and Azure AD are different and cannot be unified into a single token type.
Azure AD B2C emits different types of security tokens as it processes each authentication flow. The ID token is a JWT that contains claims that you can use to identify users in your application. This token is securely sent in HTTP requests for communication between two components of the same application or service. You can use the claims in an ID token as you see fit. They're commonly used to display account information or to make access control decisions in an application.
On the other hand, Azure AD issues different types of tokens depending on the authentication flow used. The most common tokens are the ID token, access token, and refresh token. The ID token is a JWT that contains claims about the authenticated user, such as their name, email, and unique identifier. The access token is a JWT that contains the permissions granted to the authenticated user, and it is used to access protected resources. The refresh token is used to obtain a new access token when the current one expires.
You can consider using a single authentication flow for both internal and external users to simplify the validation process at the internal app level.
For example, you can use the OpenID Connect (OIDC) authentication flow, which is supported by both Azure AD B2C and Azure AD: https://learn.microsoft.com/en-us/entra/architecture/auth-oidc
You can also look into B2C federation: https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-b2c-federation-customers
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James