Azure B2C Userinfo Endpoint return a Boolean

Question

question

DisplayName-3010 asked Apr 27, '22 amanpreetsingh-msft commented May 19, '22

Azure B2C Userinfo Endpoint return a Boolean

Hello,

I am using a userinfo endpoint. If you return a claim of type boolean in the id_token if is correctly marked as a boolean in the token.
If you are using the uerinfo endpoint and create a json there, if is returned as a string with value "False" or "True". Is there a possibility to configure this, or is this a bug or non-implemented feature in the current solution?

Example Userinfo:
{
"sub": "",
"email": "someemail@email.com",
"locale": "de",
"extension_residency": "False"
}

Example Token

{
"typ": "JWT",
"alg": "RS256",
"kid": ""
}.{
"exp": 1651119806,
"nbf": 1651033406,
"ver": "1.0",
"iss": "",
"sub": "",
"aud": "",
"acr": "**",
"nonce": "defaultNonce",
"iat": 1651033406,
"auth_time": 1651033406,
"locales": "de",
extension_residency": false*
}.[Signature]

azure-ad-b2c

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-04-29T07:35:25.88Z

amanpreetsingh-msft answered Apr 29, '22 amanpreetsingh-msft commented May 19, '22

Hi @DisplayName-3010 • Thank you for reaching out.

Unfortunately, as of now, you cannot configure how it should be returned as a response to calling the UserInfo endpoint. So, it is not a bug but a non-implemented feature. You can post an idea regarding this at the Azure Feedback portal.

The UserInfo endpoint is designed to return the boolean attributes as either true or false, depending on the default value configured for the attribute in the custom policy.

For example, if the value of the boolean attribute (extension_boolval in this case) in the token is false but the RP (signup/sign-in) file is configured with the DefaultValue for this attribute as true, the UserInfo endpoint will return the value as True.

Value of the boolean attribute in the Token:
Configuration in the signup/signin xml file:
Response from UserInfo endpoint:

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

image.png (21.5 KiB)

image.png (6.5 KiB)

image.png (7.4 KiB)

· 8

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DisplayName-3010 · May 04 at 07:07 AM

So a boolean in a token is returned as
{
"extension_boolean": false
}

But in the userinfo endpoint as
{
"extension_boolean": "False"
}

Even though both are json. Why is there a difference between the two representations in the json? One has quotes, and one does not have quotes.

The claims schema is the same, so why is the behavior not the same for the output?

0 ·

amanpreetsingh-msft DisplayName-3010 · May 05 at 02:33 AM

@DisplayName-3010 • As I have mentioned in my response above, the output of the UserInfo endpoint depends on the DefaultValue of the output claim specified in the RP file. So, It returns the default value as a string (in quotes) and not as a boolean value because it is not dynamically changed when fetched from the UserInfo endpoint. On the other hand, in the token, the value is returned as a boolean value that can be dynamic and the token can have the value as either True or False.

Even though, both the token and the UserInfo output is in JSON format, the type of the value depends on how it is being passed. In the UserInfo endpoint, it is passed as a string that's why there are quotes and in the token, it is passed as a boolean value, which is why there are no quotes.

Hope this clarifies. Please do Share your feedback about the answer and "Accept the answer" if the information helped you.

1 ·

amanpreetsingh-msft amanpreetsingh-msft · May 06 at 10:58 AM

@DisplayName-3010 • Just checking if you have any further questions.

1 ·

Show more comments

question