Merge pull request #134048 from yoelhor/patch-38

Update configure-tokens-custom-policy.md

Author: megvanhuygen

articles/active-directory-b2c/configure-tokens-custom-policy.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/07/2020
+ms.date: 10/21/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -87,6 +87,45 @@ The following values are set in the previous example:
 > [!NOTE]
 > Single-page applications using the authorization code flow with PKCE always have a refresh token lifetime of 24 hours. [Learn more about the security implications of refresh tokens in the browser](../active-directory/develop/reference-third-party-cookies-spas.md#security-implications-of-refresh-tokens-in-the-browser).
 
+## Provide optional claims to your app
+
+The [Relying party policy technical profile](relyingparty.md#technicalprofile) output claims are values that are returned to an application. Adding output claims will issue the claims into the token after a successful user journey, and will be sent to the application. Modify the technical profile element within the relying party section to add the desired claims as an output claim.
+
+1. Open your custom policy file. For example, SignUpOrSignin.xml.
+1. Find the OutputClaims element. Add the OutputClaim you want to be included in the token. 
+1. Set the output claim attributes. 
+
+The following example adds the `accountBalance` claim. The accountBalance claim is sent to the application as a balance. 
+
+```xml
+<RelyingParty>
+  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
+  <TechnicalProfile Id="PolicyProfile">
+    <DisplayName>PolicyProfile</DisplayName>
+    <Protocol Name="OpenIdConnect" />
+    <OutputClaims>
+      <OutputClaim ClaimTypeReferenceId="displayName" />
+      <OutputClaim ClaimTypeReferenceId="givenName" />
+      <OutputClaim ClaimTypeReferenceId="surname" />
+      <OutputClaim ClaimTypeReferenceId="email" />
+      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
+      <OutputClaim ClaimTypeReferenceId="identityProvider" />
+      <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+      <!--Add the optional claims here-->
+      <OutputClaim ClaimTypeReferenceId="accountBalance" DefaultValue="" PartnerClaimType="balance" />
+    </OutputClaims>
+    <SubjectNamingInfo ClaimType="sub" />
+  </TechnicalProfile>
+</RelyingParty>
+```
+
+The OutputClaim element contains the following attributes:
+
+  - **ClaimTypeReferenceId** - The identifier of a claim type already defined in the [ClaimsSchema](claimsschema.md) section in the policy file or parent policy file.
+  - **PartnerClaimType** - Allows you to change the name of the claim in the token. 
+  - **DefaultValue** - A default value. You can also set the default value to a [claim resolver](claim-resolver-overview.md), such as tenant ID.
+  - **AlwaysUseDefaultValue** - Force the use of the default value.
+
 ## Next steps
 
 - Learn more about [Azure AD B2C session](session-overview.md).

articles/active-directory-b2c/configure-tokens.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/07/2020
+ms.date: 10/15/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -51,6 +51,17 @@ You can configure the token lifetime on any user flow.
 
 5. Click **Save**.
 
+## Provide optional claims to your app
+
+The application claims are values that are returned to the application. Update your user flow to contain the desired claims.
+
+1. Select **User flows (policies)**.
+1. Open the user flow that you previously created.
+1. Select **Application claims**.
+1. Choose the claims and attributes that you want send back to your application.
+1. Click **Save**.
+
+
 ## Next steps
 
 Learn more about how to [request access tokens](access-tokens.md).