Azure-docs: Doesn't seem to be the acr claim anymore that holds the policy used to get a token.

Created on 13 Jul 2020 · 9 Comments · Source: MicrosoftDocs/azure-docs

At least with a token I got from B2C, the policy name is encoded in the tfp claim rather than the acr claim.



Labels: B2subsvc Pri2 active-directorsvc cxp product-question triaged

All 9 comments

@ModernRonin Thanks for reaching out. We will investigate and update the thread accordingly.

@ModernRonin, this is expected, as already documented here:

Name | Claim | Example value | Description
-- | -- | -- | --
Authentication context class reference | acr | Not applicable | Used only with older policies.
Trust framework policy | tfp | b2c_1_signupsignin1 | The name of the policy that was used to acquire the ID token.

Though you have the option of switching it in the B2C user flow (policy), the default is tfp since that is more aligned with the implication.


We will now proceed to close this issue, but if there are any further questions, please tag me in your reply and I will be happy to continue the conversation.


Shouldn't the docs be updated to reflect this default behavior?

@SayakMukhopadhyay, the docs say:

> Claim representing policy ID - This property identifies the claim type into which the policy name used in the token request is populated. The default value is tfp. The value of acr is only provided for backward-compatibility.

Apart from that it also has a table as I pointed out in my reply above.

If you are suggesting any other change required for better clarity, please feel free to elaborate a bit. I would be happy to make the suggested change.

Yeah, I think that the following paragraph should be updated:

> To determine which policy was used to sign a token (and where to go to request the metadata), you have two options. First, the policy name is included in the acr claim in the token. You can parse claims out of the body of the JWT by base-64 decoding the body and deserializing the JSON string that results. The acr claim is the name of the policy that was used to issue the token. The other option is to encode the policy in the value of the state parameter when you issue the request, and then decode it to determine which policy was used. Either method is valid.

in https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validate-signature

The above paragraph gives a wrong indication that the acr claim is the valid claim for this info. I suggest changing it to include tfp (since it's the default), something like:

> To determine which policy was used to sign a token (and where to go to request the metadata), you have two options. First, the policy name is included in the acr **or tfp, as configured,** claim in the token. You can parse claims out of the body of the JWT by base-64 decoding the body and deserializing the JSON string that results. The acr **or tfp** claim is the name of the policy that was used to issue the token. The other option is to encode the policy in the value of the state parameter when you issue the request, and then decode it to determine which policy was used. Either method is valid.

(emphasis mine)
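The claim-parsing step described in the comment above, as an added example that is not part of the original thread or of Microsoft's docs: the JWT body is base64url-decoded and deserialized, the policy name is read from `tfp` with a fallback to `acr` for older policies, and the result is checked against an allowlist before it is used to pick the metadata endpoint. The `b2clogin.com` metadata URL shape, the helper names, and the sample tokens (built with an empty signature, so they are constructed input only) are assumptions of this example. Only the policy-discovery step is shown; signature validation against the keys from that endpoint still has to follow.

```python
import base64
import json

# Policies this app is willing to accept tokens from (assumed allowlist).
# B2C policy names are case-insensitive, so compare in lower case.
ALLOWED_POLICIES = {"b2c_1_signupsignin1", "b2c_1_profileedit"}


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def policy_from_token(token: str) -> str:
    """Return the B2C policy name carried in the token body.

    Reads the unverified payload only to decide which metadata endpoint to
    validate against; nothing else should be trusted from it yet.
    Prefers tfp (the default) and falls back to acr (older policies).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    policy = claims.get("tfp") or claims.get("acr")
    if not policy:
        raise ValueError("token carries neither a tfp nor an acr claim")
    return policy


def metadata_url(tenant: str, token: str, allowed: set[str] = ALLOWED_POLICIES) -> str:
    """Pick the OpenID metadata document for the policy that issued the token.

    Refuses policies outside the allowlist so that an attacker-supplied token
    cannot steer validation toward an unexpected policy or key set.
    The URL shape is an assumption of this example.
    """
    policy = policy_from_token(token).lower()
    if policy not in allowed:
        raise ValueError(f"policy {policy!r} is not allowed for this application")
    return (
        f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
        f"{policy}/v2.0/.well-known/openid-configuration"
    )


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed sample token (header.payload.) with no signature."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    # Constructed inputs: a current-style token with tfp and an older one with acr.
    new_style = make_unsigned_token({"iss": "https://contoso.b2clogin.com/", "tfp": "B2C_1_signupsignin1"})
    old_style = make_unsigned_token({"iss": "https://contoso.b2clogin.com/", "acr": "b2c_1_profileedit"})
    print(metadata_url("contoso", new_style))
    print(metadata_url("contoso", old_style))
```

Once the metadata document is fetched, the `jwks_uri` it names supplies the signing keys; the `issuer` it names should be compared with the token's `iss` claim during validation, since the policy read here came from an unverified body.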

Thanks, @SayakMukhopadhyay - I knew there had been something that had misled me originally, but then when I saw the first reaction here, I thought "strange that I didn't see that". Your comment just made it clear :-)

Thanks @SayakMukhopadhyay for pointing that out. Will publish a change shortly.

Update has been published.
