Reputation: 1179
I have a trust framework SignUpOrSignIn custom policy user flow which sets 3 extension attributes for an app.
I can see these 3 claims and their default values in the token.
However, when I GET the user via MS Graph API (https://graph.microsoft.com/beta/{tenantId}/users/{userId}), I do not see these extension attributes.
Once I PATCH the user, I can then see the value via the GET to the {userId} segment as expected.
PATCH
{
"extension_{appId}_subscription_expiry":"2020-04-10"
}
Why are any extension attributes not returned until they've been subsequently PATCHed?
Upvotes: 1
Views: 1668
Reputation: 16438
Although you have set default values for the 3 extension attributes in your custom policy, you can only see them in the token after your sign-up at that time. But you didn't store them into Azure AD.
I guess that you just added code such as <OutputClaim ClaimTypeReferenceId="extension_subscription_expiry" AlwaysUseDefaultValue="true" DefaultValue="xxx" /> in your SignUpOrSignIn.xml file.
But if you want to store the values into Azure AD, you should write the custom claim to the user profile by using the AAD-UserWriteUsingLogonEmail TechnicalProfile. See Read and write a claim.
You should finish all the steps listed in this document: Add claims and customize user input using custom policies in Azure Active Directory B2C.
Upvotes: 2
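An added example (not code from either poster) of the policy fragment the answer points to, in which the claim is persisted to the directory at sign-up instead of only being emitted in the token. It assumes the starter-pack layout with an extensions policy file; the upper-case values are placeholders for your own tenant's extensions app, and the default date is the sample value from the question.

```xml
<!-- Added example: fragment for the extensions policy file, not a complete policy. -->
<!-- Token-only form from the answer: the default is issued in the token but never
     written to the directory, so Graph returns nothing for it:
     <OutputClaim ClaimTypeReferenceId="extension_subscription_expiry"
                  AlwaysUseDefaultValue="true" DefaultValue="xxx" /> -->
<BuildingBlocks>
  <ClaimsSchema>
    <!-- Declare the extension claim so technical profiles can reference it. -->
    <ClaimType Id="extension_subscription_expiry">
      <DisplayName>Subscription expiry</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <!-- Tells the AAD provider which app registration owns the extension
           properties. Placeholder values (assumption): replace with your own. -->
      <TechnicalProfile Id="AAD-Common">
        <Metadata>
          <Item Key="ClientId">EXTENSIONS_APP_CLIENT_ID</Item>
          <Item Key="ApplicationObjectId">EXTENSIONS_APP_OBJECT_ID</Item>
        </Metadata>
      </TechnicalProfile>

      <!-- Write path: persists the claim on the user object during sign-up. -->
      <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
        <PersistedClaims>
          <PersistedClaim ClaimTypeReferenceId="extension_subscription_expiry"
                          DefaultValue="2020-04-10" />
        </PersistedClaims>
      </TechnicalProfile>

      <!-- Read path: loads the stored value on later sign-ins so the token
           reflects the directory, not a policy default. -->
      <TechnicalProfile Id="AAD-UserReadUsingObjectId">
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="extension_subscription_expiry" />
        </OutputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

With the claim persisted this way, a user created through the policy should show the extension attribute on the Graph GET without a prior PATCH, which gives a simple check that the token and the directory agree.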