Microsoft-authentication-library-for-js: Retrieve idTokenClaims for logged in accounts using msal-browser 2.x

Created on 20 Oct 2020  ·  6 Comments  ·  Source: AzureAD/microsoft-authentication-library-for-js

Description

I'm using msal-browser 2.0 together with B2C. I'm successfully authenticating a user and retrieving an idToken (together with idTokenClaims) in handleRedirectPromise(). The data received in the idTokenClaims.groups defines what groups the logged in user is associated with. This data is needed client side to customise the user experience (e.g. to give access only to the user authorised pages).

However, I can't find a way to programmatically ask msal-browser 2.0 for e.g. the idTokenClaims. This becomes a problem on a full page reload where the handleRedirectPromise() will be called with a null response (as per the docs).

My questions:

  1. How come msal-browser 2.x doesn't expose an api to get the id token data for the already logged in accounts (as in getAccounts())? This seems to have changed compared with msal-browser 1.0, where id token data can be obtained by calling getAccount(). Can't seem to find any docs about best practice for this use case. Or am I missing something?
  2. If the answer to the previous question is that it's _not_ possible to programmatically retrieve, then what's the best practice to store and retrieve idTokenClaims for logged in accounts using msal-browser 2.x? One idea I have is to save the token response from handleRedirectPromise() in e.g. local storage and then read it from there when needed, but I can't understand why the library doesn't just expose this data to the consumer via an api (since the lib has stored it in session/local storage).

Labels: enhancement, msal-browser, question

All 6 comments

@dangrahn Thanks for bringing this to our attention. This can be possible and I am marking this as an enhancement to our library. Please watch this space for a PR.

@jasonnutter Any update on this?

Thanks for doing the work @jasonnutter - any idea when that will be released?

When will this feature be released? We request this feature urgently. Thanks!

Any indicative timeline on when this will be released?

@azure/[email protected] is now available on npm.
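
The use case from the question, as an added example that is not part of the original thread or the library's own code: after a full page reload, read the cached claims from the account list instead of from the handleRedirectPromise() response, and derive which pages to show. It assumes each account object carries `idTokenClaims` (as `AccountInfo` from `getAllAccounts()` does in later msal-browser 2.x releases); `PAGE_GROUPS`, the group names and the sample accounts are hypothetical.

```javascript
// Added example: UI-only page visibility from cached ID token claims.
// The result customises the interface; the API behind each page still has
// to enforce access itself, because browser-side claims can be edited.

const PAGE_GROUPS = {            // hypothetical page -> required groups
  "/admin": ["admins"],
  "/reports": ["admins", "analysts"],
  "/profile": [],                // any signed-in user
};

// Return the groups claim, or null when claims are missing or expired.
function groupsFromAccount(account, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = account && account.idTokenClaims;
  if (!claims || typeof claims !== "object") return null;   // nothing cached
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
  const groups = claims.groups;
  if (Array.isArray(groups)) return groups.filter((g) => typeof g === "string");
  if (typeof groups === "string") return [groups];          // single-valued claim
  return [];                                                // signed in, no groups
}

// Pages to show for one account; null means "sign in again".
function visiblePages(accounts, homeAccountId, nowSeconds) {
  const account = (accounts || []).find((a) => a.homeAccountId === homeAccountId);
  const groups = groupsFromAccount(account, nowSeconds);
  if (groups === null) return null;
  return Object.keys(PAGE_GROUPS).filter((page) => {
    const required = PAGE_GROUPS[page];
    return required.length === 0 || required.some((g) => groups.includes(g));
  });
}

// Constructed sample, shaped like the array returned by getAllAccounts().
const SAMPLE_ACCOUNTS = [
  { homeAccountId: "user-1", idTokenClaims: { exp: 2000, groups: ["analysts"] } },
  { homeAccountId: "user-2", idTokenClaims: { exp: 1000, groups: ["admins"] } },
  { homeAccountId: "user-3" },   // account cached without claims
];

// In the browser (msalInstance is an assumed PublicClientApplication):
//   visiblePages(msalInstance.getAllAccounts(), activeHomeAccountId)
```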
