Reputation: 15296
It seems like a removed user account in Azure AD B2C is being resurrected (or recreated) when an application is requesting a new token (refresh token). In our case a mobile app requesting tokens.
When user accounts have been deleted, users with the same email address are suddenly visible with the name "unknown" but the same email address.
The Audit Log seems to start with an id_token request for users that have had activity in the last 7 days.
Isn't this strange if my assumption is correct? A removed user should never be able to refresh a token since the whole point of refresh tokens is that you can't refresh it if you no longer have access.
List of "unknown" users:
Audit Log for example user:
Upvotes: 16
Views: 2054
Reputation: 15296
I have nailed down this issue with help from Microsoft support. It seems to be a user issue (not an Azure AD issue which is good) due to policies not enforcing users to set a DisplayName when registering.
Note to self: Users saying they haven't registered doesn't always mean they haven't.
Upvotes: 8
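One way to audit a tenant for the kind of account the answer describes, as an added example that is not from the original thread or from Microsoft: it parses a constructed Microsoft Graph `GET /users?$select=id,displayName,createdDateTime,identities` response from a B2C tenant and lists accounts whose displayName was never set (empty or "unknown") and that were created inside a recent window, so they can be cross-checked against the audit log. The tenant name, object ids and email addresses are placeholders.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph users response from an Azure AD B2C
# tenant. Not real data: the issuer is a placeholder tenant and the ids are made up.
SAMPLE_GRAPH_RESPONSE = json.dumps({"value": [
    {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Alice Example",
     "createdDateTime": "2019-01-10T08:00:00Z",
     "identities": [{"signInType": "emailAddress", "issuer": "placeholder.onmicrosoft.com",
                     "issuerAssignedId": "alice@example.com"}]},
    {"id": "00000000-0000-0000-0000-000000000002", "displayName": "unknown",
     "createdDateTime": "2019-05-02T14:30:00Z",
     "identities": [{"signInType": "emailAddress", "issuer": "placeholder.onmicrosoft.com",
                     "issuerAssignedId": "bob@example.com"}]},
    {"id": "00000000-0000-0000-0000-000000000003", "displayName": None,
     "createdDateTime": "2019-05-04T09:15:00Z",
     "identities": [{"signInType": "userPrincipalName", "issuer": "placeholder.onmicrosoft.com",
                     "issuerAssignedId": "carol_example.com#EXT#@placeholder.onmicrosoft.com"},
                    {"signInType": "emailAddress", "issuer": "placeholder.onmicrosoft.com",
                     "issuerAssignedId": "carol@example.com"}]},
]})

# Display names that mean the sign-up flow never collected a real one.
PLACEHOLDER_NAMES = {"", "unknown"}

def has_placeholder_name(user):
    """True when the user record carries no real displayName."""
    return (user.get("displayName") or "").strip().lower() in PLACEHOLDER_NAMES

def sign_in_emails(user):
    """Local-account email sign-in names from the B2C identities collection."""
    return sorted(i["issuerAssignedId"].lower() for i in user.get("identities", [])
                  if i.get("signInType") == "emailAddress")

def find_reregistered_accounts(graph_json, now, window_days=7):
    """Placeholder-named accounts created within window_days before `now`.
    These are the records to compare with the audit log before concluding
    that a deleted user was resurrected rather than re-registered."""
    cutoff = now - timedelta(days=window_days)
    hits = []
    for u in json.loads(graph_json)["value"]:
        if not has_placeholder_name(u):
            continue
        created = datetime.fromisoformat(u["createdDateTime"].replace("Z", "+00:00"))
        if created >= cutoff:
            hits.append({"id": u["id"], "emails": sign_in_emails(u), "created": u["createdDateTime"]})
    return hits

if __name__ == "__main__":
    for hit in find_reregistered_accounts(SAMPLE_GRAPH_RESPONSE, datetime(2019, 5, 8, tzinfo=timezone.utc)):
        print(hit)
```

In a live tenant the same function can be fed the JSON body returned by Graph, paging through `@odata.nextLink` as usual.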