Question

DavidH-8273 asked:

Access token without sensitive claims

Does anybody know if it is possible to remove the preferred_username claim from a v2 access token for an app (resource server) with a ClaimsMappingPolicy applied without the basic claim set? (No API access is granted for the app in Azure AD.)

Thank you in advance.

azure-ad-app-management

1 Answer

alfredorevilla-msft answered:

Hello @davidh-8273, preferred_username is a member of the Restricted claim set and thus cannot be modified using a policy: its data source cannot be changed, and no transformation is applied when generating it.

You can avoid getting it if the profile scope is omitted.


Comments:

Thank you for the response. However, even omitting the profile scope in the request for the token, the v2 endpoint is still including the preferred_username claim in the response.

The configuration is simple: claim mapping without the basic claim set and no additional claims, no scopes added to the app (resource server) in Azure AD, and just the API scope in the request for the token.

What can be wrong?

Best Regards,
David.


Hello @davidh-8273, and apologies for the delay. I will reach out to the Azure AD team and will come back to you ASAP.

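As an added inspection aid (not code from this thread or from Microsoft), the script below decodes a v2 access token's payload and reports which user-identifying claims arrived next to the delegated scopes in scp, so the situation David describes (preferred_username still present with only the API scope requested) can be confirmed from the token itself. The sample tokens are constructed and unsigned, and the audience, scope and claim values in them are assumptions for the demonstration.

```python
import base64
import json

# Claims that identify the signed-in user. As the answer notes, preferred_username
# is in the Restricted claim set: a ClaimsMappingPolicy cannot remove or transform it.
IDENTITY_CLAIMS = ("preferred_username", "name", "email", "upn",
                   "unique_name", "given_name", "family_name")

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt_claims(token: str) -> dict:
    # Reads the payload only, as an inspection aid. The resource server must
    # still validate signature, issuer, audience and expiry before trusting it.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    return json.loads(_b64url_decode(parts[1]))

def audit_access_token(token: str) -> dict:
    # Summarise the delegated scopes (scp) that arrived alongside any identity
    # claims, so a team can check whether dropping profile actually helped.
    claims = decode_jwt_claims(token)
    present = [c for c in IDENTITY_CLAIMS if c in claims]
    return {
        "ver": claims.get("ver"),
        "aud": claims.get("aud"),
        "scopes": sorted(claims.get("scp", "").split()),
        "identity_claims_present": present,
        "leaks_user_identity": bool(present),
    }

def make_unsigned_token(payload: dict) -> str:
    # Builds a constructed, unsigned token (alg=none, empty signature) so the
    # audit can run offline; a real resource server must never accept alg=none.
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."

# Constructed samples: a v2 token that still carries preferred_username, and one with only the opaque object id.
TOKEN_WITH_USERNAME = make_unsigned_token({
    "ver": "2.0", "aud": "api://example-api", "scp": "Data.Read",
    "oid": "00000000-0000-0000-0000-000000000001",
    "preferred_username": "david@contoso.example", "name": "David H"})
TOKEN_MINIMAL = make_unsigned_token({
    "ver": "2.0", "aud": "api://example-api", "scp": "Data.Read",
    "oid": "00000000-0000-0000-0000-000000000001"})
```

Run audit_access_token on a real token captured from the v2 endpoint to see exactly which identity claims the resource server receives for a given scope request.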