SivakumarSubramani-2781 asked RakeshJagatap-4451 commented

How to include an optional claim in Azure AD app registration?

We would like to include an additional value in the token, which we will extract from the token during authorization.

We tried as per the document (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims). The thing is we chose upn, and as part of the body we are sending the same, like "upn": "user_detail". But it is not included as part of the token.

What are the configs to change to make it work?

azure-ad-app-registration

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.


1 Answer

MarileeTurscak-MSFT answered MarileeTurscak-MSFT edited

Make sure that you have added the profile scope, as "upn" requires the profile scope. You can add the profile scope under API Permissions (Type = delegated). https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v20-specific-optional-claims-set

The type name is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

I assume you are using regular Azure AD, but if by some chance you are using B2C, the unique name is stored in the signInNames attribute and upn is not used.
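
A diagnostic check for the situation in this thread, as an added example that is not part of the original question or answer: it looks at an app manifest's `optionalClaims` section, the scopes requested, and a token's payload, and reports why `upn` is missing. The manifest, tokens and function names are constructed for illustration, and the payload is decoded for inspection only, with no signature validation.

```python
import base64
import json

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo below."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "constructed"])

def jwt_payload(token):
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def diagnose_upn(manifest, requested_scopes, token, token_type="idToken"):
    """Return reasons why 'upn' may be absent; an empty list means it is present."""
    if "upn" in jwt_payload(token):
        return []
    findings = []
    # Optional claims are configured per token type in the app manifest.
    configured = (manifest.get("optionalClaims") or {}).get(token_type) or []
    if not any(c.get("name") == "upn" for c in configured):
        findings.append(f"'upn' is not listed under optionalClaims.{token_type}")
    # Per the answer above, 'upn' requires the profile scope.
    if "profile" not in requested_scopes.split():
        findings.append("'profile' scope was not requested")
    if not findings:
        findings.append("configuration looks right; check whether the tenant is B2C")
    return findings

# Constructed sample data (hypothetical manifest fragment and tokens).
MANIFEST = {"optionalClaims": {
    "idToken": [{"name": "upn", "source": None, "essential": False,
                 "additionalProperties": []}],
    "accessToken": [],
    "saml2Token": [],
}}
TOKEN_NO_UPN = make_sample_token({"sub": "constructed-subject", "name": "Sample User"})
TOKEN_WITH_UPN = make_sample_token({"sub": "constructed-subject", "upn": "user@example.com"})

if __name__ == "__main__":
    print(diagnose_upn(MANIFEST, "openid", TOKEN_NO_UPN))
    print(diagnose_upn(MANIFEST, "openid profile", TOKEN_WITH_UPN))
```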




