BACKGROUND
We provide SaaS with our own Azure AD/CRM Online. Users from other (alien) companies log in to our website and, after they consent to the permissions, our website can read data in their (alien) Azure AD/CRM Online.
With the update of Dynamics 365 Online, the systemuser entity has three new attributes that make it possible to create an application token to connect to CRM from multitenant applications as the application.
One must log in from an alien AD, consent to the application, and then create a user in the alien CRM and apply the client id.
This is done with the instructions at https://msdn.microsoft.com/en-us/library/mt790170.aspx and at https://msdn.microsoft.com/en-us/library/mt790171.aspx
When done, the alien CRM takes the client id and searches for it in the alien Azure AD; it is found as a granted consent and a link is made.
THE BUG
If the origin application needs to update its configuration or permissions, the changes are not synchronized to the copy in the alien AD. For the alien system to get the update, the copy of the application in the alien Azure AD has to be deleted and the admin of this alien AD has to log in again to grant the permissions again, which produces an updated configuration.
But sadly, the alien CRM user won't be updated; it will still be pointing to the deleted object in Azure AD.
After this update, our website will not be able to create tokens for that alien CRM anymore because the link is broken.
THE FIX
The new property 'Azure AD Object ID' points to the Object Id belonging to the Principal Object that represents the application; this id must be updated to the id of the new Principal Object that is created after a second grant of permissions.
I tested doing it with code and through the interface; it was not possible. Of the new properties, only 'client id' can be changed, to be set to null.
Actually the linking process only happens when the user is created.
The workaround that I found for the moment is to set the 'client id' to null (with code) and afterwards create a new user and set the same client id to retrigger the linking.
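A check for the broken link described above, as an added example that is not part of the original post: it compares each application user's stored 'Azure AD Object ID' with the service principal currently present in the tenant for the same client id, and lists the workaround steps for every mismatch. It assumes the systemuser logical names `applicationid` and `azureactivedirectoryobjectid` and service principal records with `appId` and `id` fields; the function names and all GUIDs are constructed for illustration.

```python
def find_stale_app_users(system_users, service_principals):
    """Return application users whose stored object id no longer matches the
    service principal currently registered in the tenant for their client id."""
    # Map client id -> object id of the service principal that exists now.
    current = {sp["appId"].lower(): sp["id"].lower() for sp in service_principals}
    findings = []
    for user in system_users:
        app_id = user.get("applicationid")
        if not app_id:  # interactive user, or client id already set to null
            continue
        linked = (user.get("azureactivedirectoryobjectid") or "").lower()
        expected = current.get(app_id.lower())
        if expected is None:
            reason = "service principal missing: consent has not been granted again"
        elif linked != expected:
            reason = "stale link: stored object id belongs to a deleted service principal"
        else:
            continue  # link is intact
        findings.append({"systemuserid": user["systemuserid"], "applicationid": app_id,
                         "linked": linked, "expected": expected, "reason": reason})
    return findings


def workaround_steps(finding):
    """Steps of the workaround from the post for one finding."""
    if finding["expected"] is None:
        return ["tenant admin grants consent to the application again"]
    return [f"set client id to null on systemuser {finding['systemuserid']}",
            f"create a new application user with client id {finding['applicationid']}"]


# Constructed sample data: the application was deleted and consented again, so
# its service principal has a new object id (...0002 instead of ...0001).
SERVICE_PRINCIPALS = [
    {"appId": "aaaaaaaa-0000-0000-0000-000000000001", "id": "bbbbbbbb-0000-0000-0000-000000000002"},
    {"appId": "aaaaaaaa-0000-0000-0000-000000000009", "id": "bbbbbbbb-0000-0000-0000-000000000009"},
]
SYSTEM_USERS = [
    {"systemuserid": "cccccccc-0000-0000-0000-000000000001",
     "applicationid": "AAAAAAAA-0000-0000-0000-000000000001",
     "azureactivedirectoryobjectid": "bbbbbbbb-0000-0000-0000-000000000001"},
    {"systemuserid": "cccccccc-0000-0000-0000-000000000002",
     "applicationid": "aaaaaaaa-0000-0000-0000-000000000009",
     "azureactivedirectoryobjectid": "bbbbbbbb-0000-0000-0000-000000000009"},
    {"systemuserid": "cccccccc-0000-0000-0000-000000000003",
     "applicationid": None, "azureactivedirectoryobjectid": None},
]

if __name__ == "__main__":
    for f in find_stale_app_users(SYSTEM_USERS, SERVICE_PRINCIPALS):
        print(f["reason"], workaround_steps(f), sep="\n  ")
```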