Azure B2C claims

Question

question

DattaPawar-6083 asked Apr 22, '20 amanpreetsingh-msft answered Apr 24, '20

Azure B2C claims

Hello,

I have set up the Azure B2C tenants and registered the application as web/web api.
While log in I do get the id_token. Along with token I see only to claim attributes that is Name and Email.

Where as I would need the claims mentioned at open id URL

"claims_supported": [
"name",
"emails",
"idp_access_token",
"jobTitle",
"postalCode",
"newUser",
"oid",
"sub",
"idp",
"extension_PhoneNumber",
"tfp",
"iss",
"iat",
"exp",
"aud",
"acr",
"nonce",
"auth_time"
]

I have been through several blogs, in most of the cases I see custom attributes, but in my case first I need to get B2C built in claim attributes.

Apart from custom policy is there any way to get the built in attributes along with id_token?

azure-ad-b2c

capture.jpg (55.0 KiB)

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexisPage-0149 · Apr 24, 2020 at 01:15 AM

What are you doing today.

0 ·

Answer 1 · 2020-04-24T08:30:05.233Z

amanpreetsingh-msft answered Apr 24, '20

@dattapawar-6083 The reason why (Display Name, Email Address, Job Title, PhoneNumber, Postal Code) claims were not returned in the token was because the user was added as an external (guest) user. The user didn't go through the signup process and the value for these attributes were not collected. The attributes with no value are not returned in the token. Once we signed-up with a new user account and provided values to these attributes, we were able to get the claims in the token. For existing users, if these attributes are not captured, you can use profile editing policy to populate values for these attributes.

Please "Accept as answer" wherever the information provided helps you to help others in the community.

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 2 · 2020-04-22T19:33:02.987Z

amanpreetsingh-msft answered Apr 22, '20 amanpreetsingh-msft commented Apr 23, '20

@DattaPawar-6083 In order to get these claims, you need to navigate to your User Flow and select below:

User attributes: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code.
Application claims: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code, Identity Provider Access Token, User is new, User's Object ID.

Note:

idp_access_token will only be returned if you signup/signin using a Social IDP.
newUser claim is returned at signup only.
In case of built-in policy, you can get either acr or tfp claim. Both these claims have policy name as value. To choose which claim should be returned in the token, you need to go to the properties blade of the user flow > Token compatibility settings > Claim representing user flow > use toggle button to either select tfp or acr.

Please "Accept as answer" wherever the information provided helps you to help others in the community.

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DattaPawar-6083 · Apr 23, 2020 at 11:38 AM

Thank you Aman for the response. I have made the changes into User attributes and Application claims and also tried with acr and tfp.
Still I see only name and email address as part of id_token.

Can we have quick call? please let me know your availability.

0 ·

tpf.jpg (97.3 KiB)

id-token.jpg (27.8 KiB)

amanpreetsingh-msft DattaPawar-6083 · Apr 23, 2020 at 05:25 PM

@dattapawar-6083 Please send an email at AzCommunity[at]microsoft[dot]com and I will reach out to you.

0 ·

question

Azure B2C claims

2 Answers

question details

question

Azure B2C claims

2 Answers

question details

Related Questions