This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 30%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi,
we are creating a flow in Azure AD B2C by using custom policies. By default, access_token contains an audience claim (named aud) which has the value set to the application ID.
We would like to change that value by attaching an additional string to it, ie. aud="applicationID OUR_CUSTOM_ID".
In order to achieve that, we would need to read the aud claim value in the custom policy and then set the aud claim to a new value.
We haven't been successful with neither of those two things, so the questions are:
aud claim for the access token? aud claim from the access token? Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
I'm not sure if this can be done since the claim is defined by the issuer. https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory-b2c/id-token-hint.md
@Jas Suri do you have any insights around this one?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
The only way I can see this being resolved, but not optimally is as follows:
In the relyingParty section, add the aud claim yourself with a defaultValue.
xml
<OutputClaim ClaimTypeReferenceId="aud" DefaultValue="applicationID OUR_CUSTOM_ID" AlwaysUseDefaultValue="true"/>
Downside is that the Relying party is fixed regardless of the clientId used in the auth request.
@MarileeTurscak , @Jas Suri thank you for the answers.
Unfortunately, the proposed workaround does change the value of the aud claim in the id_token but not in the access_token.