Commit 4b500ea

Learn Editor: Update policy-keys-overview.md
1 parent 94219bf commit 4b500ea

1 file changed

+3
-2
lines changed

articles/active-directory-b2c/policy-keys-overview.md

Lines changed: 3 additions & 2 deletions
@@ -77,15 +77,16 @@ If an Azure AD B2C keyset has multiple keys, only one of the keys is active at a
7777
- When the current key's expiration time has elapsed and the key container *does not* contain a new key with valid *not before* and *expiration* times, Azure AD B2C won't be able to use the expired key. Azure AD B2C will raise an error message within a dependant component of your custom policy. To avoid this issue, you can create a default key without activation and expiration dates as a safety net.
7878
- The key's endpoint (JWKS URI) of the OpenId Connect well-known configuration endpoint reflects the keys configured in the Key Container, when the Key is referenced in the [JwtIssuer Technical Profile](./jwt-issuer-technical-profile.md). An application using an OIDC library will automatically fetch this metadata to ensure it uses the correct keys to validate tokens. For more information, learn how to use [Microsoft Authentication Library](../active-directory/develop/msal-b2c-overview.md), which always fetches the latest token signing keys automatically.
7979

80-
![A diagram describing the process for key rollover in Azure AD B2C.](media/policy-keys-overview/key-rollover.png)
80+
:::image type="content" source="media/policy-keys-overview/key-rollover.png" alt-text="A diagram describing the process for key rollover in Azure AD B2C." lightbox="media/policy-keys-overview/key-rollover.png":::
81+
8182

8283
## Key caching
8384

8485
When a key is uploaded, the activation flag on the key is set to false by default. You can then set the state of this key to **Enabled**. If a key enabled and valid (current time is between NBF and EXP), then the key will be used.
8586

8687
### Key state
8788

88-
The activation flag property is modifiable within the Azure Portal UX allowing admins to disable a key and take it out of rotation.
89+
The activation flag property is modifiable within the Azure portal UX allowing admins to disable a key and take it out of rotation.
8990

9091
## Policy key management
9192
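Review bot: the blank line added at new line 81 sits directly above the existing blank line (now line 82), so the image is followed by two empty lines before "## Key caching"; drop the added line so the hunk only swaps the image syntax. Since line 89 is already being edited for the "Azure portal" casing, consider a comma before "allowing admins", and while in this section fix the context sentence "If a key enabled and valid", which is missing "is" in the one place that states the condition under which a key is used.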
