B2C App vs Enterprise App questions

ScottM 331 Reputation points
2020-07-16T17:56:44.507+00:00

It's my understanding that azure enterprise app is intended for users of an azure active directory associated with a given subscription.
What does the relying party app JWT token look like as far as claims? Is it customizable?
What API is used by relying party app to retrieve / update user info?

It's my understanding that B2C app is intended for external / federated / users.
What does the relying party app JWT token look like as far as claims? Is it customizable?
What API is used by relying party app to retrieve / update user info?

Trying to understand what all is involved in migrating a SPA web app from an enterprise app to a b2c app and the amount of work.


Accepted answer
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,491 Reputation points
2020-07-16T18:32:55.947+00:00

Enterprise apps do not have to be associated with a subscription. The Azure AD B2C apps model is becoming one with the Azure AD apps model. Currently they are pretty similar with some minor differences. Due to this you can manage them using the same tools (AzureAD PowerShell, MS Graph) and use the same SDKs (MSAL, Microsoft Identity Web). Tokens are pretty similar too; take a look at Microsoft identity platform ID tokens, Microsoft identity platform access tokens and Overview of tokens in Azure Active Directory B2C.

The immediate differences when migrating will be the authorization, token and metadata endpoints:

Azure AD
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration

Azure AD B2C
https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize
https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token
https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration

Also, Azure AD B2C applications can only access a limited set of permissions for 2 built-in APIs: MS Graph and AAD Graph (legacy). Azure AD apps on the other hand can request permissions for a bigger set of APIs. For both you can expose and create your own custom permissions.

You can configure and issue custom claims with Azure B2B through custom policies, while Azure AD can issue optional claims and do claims mapping.

Finally, regarding the user info, for Azure AD users and Azure AD B2C local users you can use MS Graph. For Azure AD B2C federated users you will have to use the ones provided by their identity provider.

2 people found this answer helpful.
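The endpoint split and the token checks the answer describes, as an added example (not from the original post, nor from MSAL or Microsoft Identity Web): it derives the three endpoints for each app model and runs the claim checks a relying party applies after signature verification. The tenant, policy, client id, sample token and the use of the `tfp` claim to carry the B2C policy name are assumptions; in a real relying party the expected issuer comes from the `issuer` field of the metadata document.

```javascript
// Added example, not code from the original post. All sample values are constructed.

function endpoints(cfg) {
  // Azure AD: fixed host, tenant in the path, no policy segment.
  if (cfg.model === "aad") {
    const base = `https://login.microsoftonline.com/${cfg.tenant}`;
    return {
      authorize: `${base}/oauth2/v2.0/authorize`,
      token: `${base}/oauth2/v2.0/token`,
      metadata: `${base}/v2.0/.well-known/openid-configuration`,
    };
  }
  // Azure AD B2C: tenant-specific host plus a user-flow (policy) segment.
  const base = `https://${cfg.tenant}.b2clogin.com/${cfg.tenant}.onmicrosoft.com/${cfg.policy}`;
  return {
    authorize: `${base}/oauth2/v2.0/authorize`,
    token: `${base}/oauth2/v2.0/token`,
    metadata: `${base}/v2.0/.well-known/openid-configuration`,
  };
}

function decodePayload(jwt) {
  // Decodes the payload only. The signature must already have been verified
  // against the JWKS referenced by the metadata document; this is not a parser
  // to trust on its own.
  const b64 = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function checkClaims(payload, expected) {
  // Returns the names of the failed checks; an empty array means accept.
  const failures = [];
  if (payload.iss !== expected.issuer) failures.push("iss");
  if (payload.aud !== expected.clientId) failures.push("aud");
  if (!(payload.exp > expected.now)) failures.push("exp");
  if (payload.nbf !== undefined && payload.nbf > expected.now) failures.push("nbf");
  // B2C tokens name the policy that issued them (assumed here to be the tfp
  // claim); a token minted by a different user flow must be rejected.
  if (expected.policy && payload.tfp !== expected.policy) failures.push("tfp");
  return failures;
}

// Constructed sample token: dummy header and signature, B2C-style payload.
const samplePayload = { iss: "https://contoso.b2clogin.com/TENANT-ID/v2.0/", aud: "client-id",
  exp: 2000, nbf: 1000, tfp: "B2C_1_signin" };
const toB64Url = (s) => Buffer.from(s).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleJwt = ["eyJhbGciOiJSUzI1NiJ9", toB64Url(JSON.stringify(samplePayload)), "sig"].join(".");
```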