Merge pull request #289439 from MicrosoftDocs/main

10/29/2024 PM Publish

Author: Taojunshen

articles/active-directory-b2c/identity-provider-mobile-id.md

@@ -46,7 +46,7 @@ To enable sign-in for users with Mobile ID in Azure AD B2C, you need to create a
 
     |Key  |Note  |
     |---------|---------|
-    | Client ID | The Mobile ID client ID. For example, 11111111-2222-3333-4444-555555555555. |
+    | Client ID | The Mobile ID client ID. For example, 00001111-aaaa-2222-bbbb-3333cccc4444. |
     | Client Secret| The Mobile ID client secret.| 
 
 

articles/active-directory-b2c/identity-provider-swissid.md

@@ -48,7 +48,7 @@ To enable sign-in for users with a SwissID account in Azure AD B2C, you need to
     |Key  |Note  |
     |---------|---------|
     | Environment| The SwissID OpenId well-known configuration endpoint. For example, `https://login.sandbox.pre.swissid.ch/idp/oauth2/.well-known/openid-configuration`. |
-    | Client ID | The SwissID client ID. For example, `11111111-2222-3333-4444-555555555555`. |
+    | Client ID | The SwissID client ID. For example, `00001111-aaaa-2222-bbbb-3333cccc4444`. |
     | Password| The SwissID client secret.| 
 
 

articles/active-directory-b2c/implicit-flow-single-page-application.md

@@ -47,13 +47,13 @@ In this request, the client indicates the permissions that it needs to acquire f
 
 - `{tenant}` with the name of your Azure AD B2C tenant.
 
-- `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` with the app ID of the application you've registered in your tenant. 
+- `00001111-aaaa-2222-bbbb-3333cccc4444` with the app ID of the application you've registered in your tenant. 
 
 - `{policy}` with the name of a policy you've created in your tenant, for example `b2c_1_sign_in`.
 
 ```http
 GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?
-client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
+client_id=00001111-aaaa-2222-bbbb-3333cccc4444
 &response_type=id_token+token
 &redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
 &response_mode=fragment
@@ -88,7 +88,7 @@ GET https://aadb2cplayground.azurewebsites.net/#
 access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...
 &token_type=Bearer
 &expires_in=3599
-&scope="90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access",
+&scope="00001111-aaaa-2222-bbbb-3333cccc4444 offline_access",
 &id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...
 &state=arbitrary_data_you_sent_earlier
 ```
@@ -175,7 +175,7 @@ In a typical web app flow, you would make a request to the `/token` endpoint. Ho
 
 ```http
 https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?
-client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
+client_id=00001111-aaaa-2222-bbbb-3333cccc4444
 &response_type=token
 &redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
 &scope=https%3A%2F%2Fapi.contoso.com%2Ftasks.read
@@ -265,4 +265,4 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 
 ## Next steps
 
-See the code sample: [Sign-in with Azure AD B2C in a JavaScript SPA](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0/app/b2c).
+See the code sample: [Sign-in with Azure AD B2C in a JavaScript SPA](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0/app/b2c).

articles/active-directory-b2c/json-transformations.md

@@ -231,7 +231,7 @@ The following claims transformation outputs a JSON string claim that will be the
 
 - Input claims:
   - **email**,  transformation claim type  **customerEntity.email**: "[email protected]"
-  - **objectId**, transformation claim type **customerEntity.userObjectId** "01234567-89ab-cdef-0123-456789abcdef"
+  - **objectId**, transformation claim type **customerEntity.userObjectId** "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
   - **givenName**, transformation claim type **customerEntity.firstName** "John"
   - **surname**, transformation claim type **customerEntity.lastName** "Smith"
 - Input parameter:
@@ -244,7 +244,7 @@ The following claims transformation outputs a JSON string claim that will be the
     {
        "customerEntity":{
           "email":"[email protected]",
-          "userObjectId":"01234567-89ab-cdef-0123-456789abcdef",
+          "userObjectId":"aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
           "firstName":"John",
           "lastName":"Smith",
           "role":{
@@ -264,7 +264,7 @@ The **GenerateJson** claims transformation accepts plain strings. If an input cl
     {
        "customerEntity":{
           "email":"[\"[email protected]\"]",
-          "userObjectId":"01234567-89ab-cdef-0123-456789abcdef",
+          "userObjectId":"aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
           "firstName":"John",
           "lastName":"Smith",
           "role":{

articles/active-directory-b2c/jwt-issuer-technical-profile.md

@@ -63,7 +63,7 @@ The **InputClaims**, **OutputClaims**, and **PersistClaims** elements are empty
 | refresh_token_lifetime_secs | No | Refresh token lifetimes. The maximum time period before which a refresh token can be used to acquire a new access token, if your application had been granted the offline_access scope. The default is 120,9600 seconds (14 days). The minimum (inclusive) is 86,400 seconds (24 hours). The maximum (inclusive) is 7,776,000 seconds (90 days). |
 | rolling_refresh_token_lifetime_secs | No | Refresh token sliding window lifetime. After this time period elapses the user is forced to reauthenticate, irrespective of the validity period of the most recent refresh token acquired by the application. If you don't want to enforce a sliding window lifetime, set the value of allow_infinite_rolling_refresh_token to `true`. The default is 7,776,000 seconds (90 days). The minimum (inclusive) is 86,400 seconds (24 hours). The maximum (inclusive) is 31,536,000 seconds (365 days). |
 | allow_infinite_rolling_refresh_token | No | If set to `true`, the refresh token sliding window lifetime never expires. |
-| IssuanceClaimPattern | No | Controls the Issuer (iss) claim. One of the values:<ul><li>AuthorityAndTenantGuid - The iss claim includes your domain name, such as `login.microsoftonline` or `tenant-name.b2clogin.com`, and your tenant identifier https:\//login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/</li><li>AuthorityWithTfp - The iss claim includes your domain name, such as `login.microsoftonline` or `tenant-name.b2clogin.com`, your tenant identifier and your relying party policy name. https:\//login.microsoftonline.com/tfp/00000000-0000-0000-0000-000000000000/b2c_1a_tp_sign-up-or-sign-in/v2.0/</li></ul> Default value: AuthorityAndTenantGuid |
+| IssuanceClaimPattern | No | Controls the Issuer (iss) claim. One of the values:<ul><li>AuthorityAndTenantGuid - The iss claim includes your domain name, such as `login.microsoftonline` or `tenant-name.b2clogin.com`, and your tenant identifier https:\//login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/</li><li>AuthorityWithTfp - The iss claim includes your domain name, such as `login.microsoftonline` or `tenant-name.b2clogin.com`, your tenant identifier and your relying party policy name. https:\//login.microsoftonline.com/tfp/aaaabbbb-0000-cccc-1111-dddd2222eeee/b2c_1a_tp_sign-up-or-sign-in/v2.0/</li></ul> Default value: AuthorityAndTenantGuid |
 | AuthenticationContextReferenceClaimPattern | No | Controls the `acr` claim value.<ul><li>None - Azure AD B2C doesn't issue the acr claim</li><li>PolicyId - the `acr` claim contains the policy name</li></ul>The options for setting this value are TFP (trust framework policy) and ACR (authentication context reference). It is recommended setting this value to TFP, to set the value, ensure the `<Item>` with the `Key="AuthenticationContextReferenceClaimPattern"` exists and the value is `None`. In your relying party policy, add `<OutputClaims>` item, add this element `<OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" PartnerClaimType="tfp"/>`. Also make sure your policy contains the claim type `<ClaimType Id="trustFrameworkPolicy">	<DisplayName>trustFrameworkPolicy</DisplayName>		<DataType>string</DataType>	</ClaimType>` |
 |RefreshTokenUserJourneyId| No | The identifier of a user journey that should be executed during the [refresh an access token](authorization-code-flow.md#4-refresh-the-token) POST request to the `/token` endpoint. |
 
@@ -79,17 +79,3 @@ The CryptographicKeys element contains the following attributes:
 ## Session management
 
 To configure the Azure AD B2C sessions between Azure AD B2C and a relying party application, in the attribute of the `UseTechnicalProfileForSessionManagement` element, add a reference to [OAuthSSOSessionProvider](custom-policy-reference-sso.md#oauthssosessionprovider) SSO session.
-
-
-
-
-
-
-
-
-
-
-
-
-
-

articles/active-directory-b2c/language-customization.md

@@ -436,7 +436,7 @@ In the following example, English (en) and Spanish (es) custom strings are added
 1. Switch your browser default language to Spanish. Or you can add the query string parameter, `ui_locales` to the authorization request. For example: 
 
 ```http
-https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_signup_signin/oauth2/v2.0/authorize&client_id=0239a9cc-309c-4d41-12f1-31299feb2e82&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login&ui_locales=es
+https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_signup_signin/oauth2/v2.0/authorize&client_id=00001111-aaaa-2222-bbbb-3333cccc4444&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login&ui_locales=es
 ```
 
 ::: zone-end

articles/active-directory-b2c/openid-connect.md

@@ -37,15 +37,15 @@ When your web application needs to authenticate the user and run a user flow, it
 
 In this request, the client indicates the permissions that it needs to acquire from the user in the `scope` parameter, and specifies the user flow to run. To get a feel of how the request works, paste the request into your browser and run it. Replace:
 - `{tenant}` with the name of your tenant.
-- `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` with the app ID of an [application you registered in your tenant](tutorial-register-applications.md).  
+- `00001111-aaaa-2222-bbbb-3333cccc4444` with the app ID of an [application you registered in your tenant](tutorial-register-applications.md).  
 - `{application-id-uri}/{scope-name}` with the Application ID URI and scope of an application that you registered in your tenant.
 - `{policy}` with the policy name that you have in your tenant, for example `b2c_1_sign_in`.
 
 ```http
 GET /{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?
 Host: {tenant}.b2clogin.com
 
-client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
+client_id=00001111-aaaa-2222-bbbb-3333cccc4444
 &response_type=code+id_token
 &redirect_uri=https%3A%2F%2Fjwt.ms%2F
 &response_mode=fragment
@@ -157,8 +157,8 @@ Host: {tenant}.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=authorization_code
-&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
-&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access
+&client_id=00001111-aaaa-2222-bbbb-3333cccc4444
+&scope=00001111-aaaa-2222-bbbb-3333cccc4444 offline_access
 &code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
 &redirect_uri=urn:ietf:wg:oauth:2.0:oob
 ```
@@ -181,7 +181,7 @@ A successful token response looks like:
     "not_before": "1442340812",
     "token_type": "Bearer",
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
-    "scope": "90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access",
+    "scope": "00001111-aaaa-2222-bbbb-3333cccc4444 offline_access",
     "expires_in": "3600",
     "expires_on": "1644254945",
     "refresh_token": "AAQfQmvuDy8WtUv-sd0TBwWVQs1rC-Lfxa_NDkLqpg50Cxp5Dxj0VPF1mx2Z...",
@@ -234,7 +234,7 @@ Host: {tenant}.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=refresh_token
-&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
+&client_id=00001111-aaaa-2222-bbbb-3333cccc4444
 &scope=openid offline_access
 &refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
 &redirect_uri=urn:ietf:wg:oauth:2.0:oob
@@ -258,7 +258,7 @@ A successful token response looks like:
     "not_before": "1442340812",
     "token_type": "Bearer",
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
-    "scope": "90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access",
+    "scope": "00001111-aaaa-2222-bbbb-3333cccc4444 offline_access",
     "expires_in": "3600",
     "refresh_token": "AAQfQmvuDy8WtUv-sd0TBwWVQs1rC-Lfxa_NDkLqpg50Cxp5Dxj0VPF1mx2Z...",
     "refresh_token_expires_in": "1209600"

articles/active-directory-b2c/partner-asignio.md

@@ -217,17 +217,17 @@ Get the custom policy starter packs from GitHub, then update the XML files in th
             <Item Key="scope">openid profile email</Item>
             <Item Key="UsePolicyInRedirectUri">0</Item>
             <!-- Update the Client ID below to the Asignio Application ID -->
-            <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
+            <Item Key="client_id">00001111-aaaa-2222-bbbb-3333cccc4444</Item>
             <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
 
 
             <!-- trying to add additional claim-->
-            <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
-            <Item Key="11111111-1111-1111-1111-111111111111"></Item>
-            <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
-            <Item Key="22222222-2222-2222-2222-222222222222"></Item>
+            <!--Insert b2c-extensions-app application ID here, for example: 00001111-aaaa-2222-bbbb-3333cccc4444-->
+            <Item Key="00001111-aaaa-2222-bbbb-3333cccc4444"></Item>
+            <!--Insert b2c-extensions-app application ObjectId here, for example: aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb-->
+            <Item Key="aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"></Item>
             <!-- The key below allows you to specify each of the Azure AD tenants that can be used to sign in. Update the GUIDs below for each tenant. -->
-            <!--<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111</Item>-->
+            <!--<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00001111-aaaa-2222-bbbb-3333cccc4444</Item>-->
             <!-- The commented key below specifies that users from any tenant can sign-in. Uncomment if you would like anyone with an Azure AD account to be able to     sign in. -->
             <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/</Item>
           </Metadata>
@@ -439,4 +439,4 @@ If you have an Asignio Signature, you're prompted to authenticate with your Asig
 * [Azure AD B2C Samples](https://stackoverflow.com/questions/tagged/azure-ad-b2c)
 * YouTube: [Identity Azure AD B2C Series](https://www.youtube.com/playlist?list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0)
 * [Azure AD B2C custom policy overview](custom-policy-overview.md)
-* [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
+* [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)

articles/active-directory-b2c/partner-bindid.md

@@ -195,7 +195,7 @@ You can define the Transmit Security as a claims provider by adding it to the **
              <Metadata>
                <Item Key="METADATA">https://api.transmitsecurity.io/cis/oidc/.well-known/openid-configuration</Item>
                 <!-- Update the Client ID below to the Transmit Security client ID -->
-               <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
+               <Item Key="client_id">00001111-aaaa-2222-bbbb-3333cccc4444</Item>
                <Item Key="response_types">code</Item>
                <Item Key="scope">openid email</Item>
                <Item Key="response_mode">form_post</Item>

articles/active-directory-b2c/partner-biocatch.md

@@ -381,9 +381,9 @@ For the following instructions, see [Tutorial: Register a web application in Azu
 
       "iss": "https://tenant.b2clogin.com/12345678-1234-1234-1234-123456789012/v2.0/", 
 
-      "sub": "12345678-1234-1234-1234-123456789012", 
+      "sub": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb", 
 
-      "aud": "12345678-1234-1234-1234-123456789012", 
+      "aud": "00001111-aaaa-2222-bbbb-3333cccc4444", 
 
       "acr": "b2c_1a_signup_signin_biocatch_policy", 
 
@@ -405,7 +405,7 @@ For the following instructions, see [Tutorial: Register a web application in Azu
 
       "score": 275, 
 
-      "tid": "12345678-1234-1234-1234-123456789012" 
+      "tid": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb" 
 
     }.[Signature]