question

0 Votes
DattaPawar-6083 asked ·

Azure B2C claims

Hello,

I have set up the Azure B2C tenants and registered the application as web/web api.
While logging in I do get the id_token. Along with the token I see only two claim attributes, that is Name and Email.


Whereas I would need the claims mentioned at the OpenID URL:


"claims_supported": [
  "name",
  "emails",
  "idp_access_token",
  "jobTitle",
  "postalCode",
  "newUser",
  "oid",
  "sub",
  "idp",
  "extension_PhoneNumber",
  "tfp",
  "iss",
  "iat",
  "exp",
  "aud",
  "acr",
  "nonce",
  "auth_time"
]

I have been through several blogs; in most cases I see custom attributes, but in my case I first need to get the B2C built-in claim attributes.

Apart from a custom policy, is there any way to get the built-in attributes along with the id_token?

azure-ad-b2c

What are you doing today.

0 Votes
amanpreetsingh-msft answered ·

@dattapawar-6083 The reason why (Display Name, Email Address, Job Title, PhoneNumber, Postal Code) claims were not returned in the token was because the user was added as an external (guest) user. The user didn't go through the signup process and the values for these attributes were not collected. The attributes with no value are not returned in the token. Once we signed up with a new user account and provided values for these attributes, we were able to get the claims in the token. For existing users, if these attributes are not captured, you can use a profile editing policy to populate values for these attributes.


Please "Accept as answer" wherever the information provided helps you to help others in the community.


1 Vote
amanpreetsingh-msft answered ·

@DattaPawar-6083 In order to get these claims, you need to navigate to your User Flow and select below:

  • User attributes: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code.

  • Application claims: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code, Identity Provider Access Token, User is new, User's Object ID.

Note:

  1. idp_access_token will only be returned if you signup/signin using a Social IDP.

  2. newUser claim is returned at signup only.

  3. In case of built-in policy, you can get either acr or tfp claim. Both these claims have policy name as value. To choose which claim should be returned in the token, you need to go to the properties blade of the user flow > Token compatibility settings > Claim representing user flow > use toggle button to either select tfp or acr.


Please "Accept as answer" wherever the information provided helps you to help others in the community.






Thank you Aman for the response. I have made the changes into User attributes and Application claims and also tried with acr and tfp.
Still I see only name and email address as part of id_token.




Can we have a quick call? Please let me know your availability.


@dattapawar-6083 Please send an email at AzCommunity[at]microsoft[dot]com and I will reach out to you.
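
To check which of the conditions described in the answers applies to a given id_token, the sketch below (an added example, not code from this thread or from Microsoft) decodes the token payload and lists each expected claim that is absent with the reason the answers give. The sample token, its policy name and values are constructed; the payload is read without signature verification, so this is for inspection only and not for trusting the claims.

```python
import base64
import json

# Conditions taken from the answers above; claim names from the claims_supported list.
ATTRIBUTE_CLAIMS = {"name", "emails", "jobTitle", "postalCode", "extension_PhoneNumber"}
CONDITIONAL = {
    "idp_access_token": "only returned after sign-up/sign-in through a social IdP",
    "newUser": "only returned at sign-up",
}

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(id_token):
    """Return the claims of a JWT without verifying it (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def explain_missing(payload, expected):
    """Map each expected-but-absent claim to the reason given in the thread."""
    reasons = {}
    for claim in expected:
        if claim in payload:
            continue
        if claim in ATTRIBUTE_CLAIMS:
            reasons[claim] = "not selected under Application claims, or the user has no value stored"
        elif claim in CONDITIONAL:
            reasons[claim] = CONDITIONAL[claim]
        elif claim in ("tfp", "acr"):
            other = "acr" if claim == "tfp" else "tfp"
            reasons[claim] = (f"user flow emits {other} instead" if other in payload
                              else "neither tfp nor acr present")
    return reasons

def make_sample_token(claims):
    """Constructed token with a placeholder signature; not a real B2C token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample mirroring the question: only name and emails came back.
SAMPLE = make_sample_token({"name": "Test User", "emails": ["user@example.com"],
                            "tfp": "B2C_1_signupsignin", "sub": "constructed-sub"})
EXPECTED = ["name", "emails", "jobTitle", "postalCode", "extension_PhoneNumber",
            "idp_access_token", "newUser", "tfp", "acr"]

if __name__ == "__main__":
    for claim, why in explain_missing(decode_payload(SAMPLE), EXPECTED).items():
        print(f"{claim}: {why}")
```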
