MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/date-transformations.md
Lines changed: 37 additions & 2 deletions b/‎articles/active-directory-b2c/date-transformations.md
Lines changed: 37 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/faq.yml
Lines changed: 14 additions & 1 deletion b/‎articles/active-directory-b2c/faq.yml
Lines changed: 14 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/TOC.yml
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/develop/TOC.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/develop/media/howto-app-gallery-listing/timeline-2.png
14 KB b/‎articles/active-directory/develop/media/howto-app-gallery-listing/timeline-2.png
14 KB
diff --git a/‎articles/active-directory/develop/media/workload-identity-federation-create-trust-gcp/service-account-details.png
83 KB b/‎articles/active-directory/develop/media/workload-identity-federation-create-trust-gcp/service-account-details.png
83 KB
diff --git a/‎articles/active-directory/develop/userinfo.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/develop/userinfo.md
Lines changed: 1 addition & 0 deletions
@@ -197,8 +197,43 @@ Use this claims transformation to determine if first date plus the `timeSpanInSe
   - **operator**: later than
   - **timeSpanInSeconds**: 7776000 (90 days)
 - Output claims:
-  - **result**: true
-  
+    - **result**: true
+
+## IsTermsOfUseConsentRequired
+
+Determine whether a `dateTime` claim type is earlier or greater than a specific date. The result is a new Boolean claim with a value of `true` or `false`.
+
+| Item | TransformationClaimType | Data type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | termsOfUseConsentDateTime | dateTime | The `dateTime` claim type to check whether it is earlier or later than the `termsOfUseTextUpdateDateTime` input parameter. Undefined value returns `true` result. |
+| InputParameter | termsOfUseTextUpdateDateTime | dateTime | The `dateTime` claim type to check whether it is earlier or later than the `termsOfUseConsentDateTime` input claim. The time part of the date is optional. |
+| OutputClaim | result | boolean | The claim type that's produced after this claims transformation has been invoked. |
+
+Use this claims transformation to determine whether a `dateTime` claim type is earlier or greater than a specific date. For example, check whether a user has consented to the latest version of your terms of use (TOU) or terms of service. To check the last time a user consented, store the last time the user accepted the TOU in an [extension attribute](user-profile-attributes.md#extension-attributes). When your TOU wording changes, update the `termsOfUseTextUpdateDateTime` input parameter with the time of the change. Then, call this claims transformation to compare the dates. If the claims transformation returns `true`, the `termsOfUseConsentDateTime` value is earlier than the `termsOfUseTextUpdateDateTime` value, and you can ask the user to accept the updated TOU.
+
+```xml
+<ClaimsTransformation Id="IsTermsOfUseConsentRequired" TransformationMethod="IsTermsOfUseConsentRequired">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="extension_termsOfUseConsentDateTime" TransformationClaimType="termsOfUseConsentDateTime" />
+  </InputClaims>
+  <InputParameters>
+    <InputParameter Id="termsOfUseTextUpdateDateTime" DataType="dateTime" Value="2021-11-15T00:00:00" />
+  </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" TransformationClaimType="result" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### IsTermsOfUseConsentRequired example
+
+- Input claims:
+    - **termsOfUseConsentDateTime**: 2020-03-09T09:15:00 
+- Input parameters: 
+    - **termsOfUseTextUpdateDateTime**: 2021-11-15 
+- Output claims: 
+    - **result**: true 
+
 ## GetCurrentDateTime
 
 Get the current UTC date and time and add the value to a claim type.
 
@@ -9,9 +9,10 @@ metadata:
   ms.service: active-directory
   ms.workload: identity
   ms.topic: conceptual
-  ms.date: 12/9/2021
+  ms.date: 01/03/2022
   ms.author: kengaderdus
   ms.subservice: B2C
+  ms.custom: "b2c-support"
 
 title: 'Azure AD B2C: Frequently asked questions (FAQ)'
 summary: This page answers frequently asked questions about the Azure Active Directory B2C (Azure AD B2C). Keep checking back for updates.
@@ -227,6 +228,18 @@ sections:
           * API connectors
           * Conditional Access
           
+      - question: |
+          I have revoked the refresh token using Microsoft Graph invalidateAllRefreshTokens, or Azure AD PowerShell,  Revoke-AzureADUserAllRefreshToken. Why is Azure AD B2C still accepting the old refresh token?
+        answer: |
+          In Azure AD B2C, if the time difference between `refreshTokensValidFromDateTime` and `refreshTokenIssuedTime` is less than or equal to 5 minutes, the refresh token is still considered as valid. However, if the `refreshTokenIssuedTime` is greater than the `refreshTokensValidFromDateTime`, then the refresh token is revoked.
+          Follow the following steps to check if the refresh token is valid or revoked:
+          1. Retrieve the `RefreshToken` and the `AccessToken` by redeeming `authorization_code`.
+          1. Wait for 7 minutes.
+          1. Use PowerShell cmdlet [Revoke-AzureADUserAllRefreshToken](https://docs.microsoft.com/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0) or Microsoft Graph API [invalidateAllRefreshTokens](https://docs.microsoft.com/graph/api/user-invalidateallrefreshtokens?view=graph-rest-beta&tabs=http) to run the `RevokeAllRefreshToken` command.
+          1. Wait for 10 minutes.
+          
+          1. Retrieve the `RefreshToken` again.
+          
       - question: |
           How do I report issues with Azure AD B2C?
         answer: |
 
@@ -513,6 +513,8 @@
       href: howto-create-service-principal-portal.md   
     - name: Configure an app to trust a GitHub repo
       href: workload-identity-federation-create-trust-github.md 
+    - name: Access Azure AD protected resources from Google Cloud
+      href: workload-identity-federation-create-trust-gcp.md 
     - name: Configure an app to trust an external identity provider
       href: workload-identity-federation-create-trust.md
   - name: Accept sign-ins from multiple tenants
@@ -558,7 +560,7 @@
     - name: Publish to App Source
       href: v2-howto-get-appsource-certified.md
     - name: Publish to Azure AD App Gallery
-      href: v2-howto-app-gallery-listing.md
+      href: ../manage-apps/v2-howto-app-gallery-listing.md?toc=/azure/active-directory/develop/toc.json&bc=/azure/active-directory/develop/breadcrumb/toc.json
     - name: Publish to the Office 365 Seller Dashboard
       href: /office/dev/store/add-in-submission-guide
   - name: Remove an app registration
 
@@ -73,6 +73,7 @@ Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Il…
     "name": "Mikah Ollenburg", // names all require the “profile” scope.
     "family_name": " Ollenburg",
     "given_name": "Mikah",
+    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value",
     "email": "[email protected]" //requires the “email” scope.
 }
 ```
Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,7 @@ Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Il…`
`73`	`73`	`"name": "Mikah Ollenburg", // names all require the “profile” scope.`
`74`	`74`	`"family_name": " Ollenburg",`
`75`	`75`	`"given_name": "Mikah",`
	`76`	`+ "picture": "https://graph.microsoft.com/v1.0/me/photo/$value",`
`76`	`77`	`"email": "[email protected]" //requires the “email” scope.`
`77`	`78`	`}`
`78`	`79`	```