
I am working in Azure AD B2C to add custom extensions per application. These extensions must be returned in the JWT when the login is requested by the application.

So I create the extension on the app using the graph api

POST https://graph.microsoft.com/v1.0/applications/{{appid}}/extensionProperties
{
    "name": "name",
    "dataType": "String",
    "targetObjects": [
        "User"
    ]
}

Then I associate a value for a specific user

PATCH https://graph.microsoft.com/v1.0/users/{{userid}}
{
    "extension_{{appid(without dashes)}}_name": "1234"
}

Now I go on the app manifest to add the optional claim.

"optionalClaims": {
        "idToken": [
            {
                "name": "extension_{{appid(without dashes)}}_name",
                "source": "user",
                "essential": true,
                "additionalProperties": []
            }
        ],
        "accessToken": [
            {
                "name": "extension_{{appid(without dashes)}}_name",
                "source": "user",
                "essential": true,
                "additionalProperties": []
            }
        ],
        "saml2Token": []
    },

I save, but the claim never appears in the JWT token.

I also tried using the answer of this post, but it didn’t work either.

2 Answers


  1. I tried to reproduce the same in my environment and got the claims successfully.

    As Jas Suri – MSFT commented, this will only work if you are adding optional claims to Azure AD application.

    I created the extension attribute via Graph API like below:

    [screenshot]

    I associated the above extension attribute to a specific user like below:

    [screenshot]

    Please check whether that extension attribute is visible in the optional claims UI or not and add it like below:

    [screenshot]

    When you check the manifest, it will be added automatically like below:

    [screenshot]

    I generated the JWT token using the auth-code flow via Postman like below:

    [screenshot]

    After decoding the JWT token (ID token), I got the claims successfully like below:

    [screenshot]

  2. The problem is you’ve used Optional claims setup, which works for AAD but not AAD B2C.

    Follow this: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-user-flow

    If you want to select your custom attribute through the Azure Portal – AAD B2C – User Attributes blade, and the attribute was created via Graph API, you have to recreate it in the Portal for it to reconcile.

    You would also need to target the b2c-extensions-app AppId when defining the attribute with Graph API.

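The three Graph steps from the question and the caveat in this answer, put together as an added Python example (this is not code from the question, the answers, or Microsoft). It derives the `extension_<appid without dashes>_<attribute>` claim name from an app id, produces the POST and PATCH bodies the question uses, and decodes an ID token to check whether the claim actually came back, including the case where the name was computed from the wrong app id. The app id, attribute name and token are constructed placeholders; the token is unsigned and built locally so the script runs offline, and a real token's signature must be verified before any claim in it is trusted.

```python
import base64
import json
import uuid

# Constructed placeholder IDs. In B2C the attribute must be defined on the
# tenant's "b2c-extensions-app" (see this answer), so this is that app's id.
B2C_EXTENSIONS_APP_ID = "11111111-2222-3333-4444-555555555555"
ATTRIBUTE = "name"


def extension_claim_name(app_id: str, attribute: str) -> str:
    """Graph/B2C naming rule: extension_<appid without dashes>_<attribute>."""
    app_hex = uuid.UUID(app_id).hex  # validates the GUID and strips the dashes
    if not attribute.isidentifier():
        raise ValueError("attribute name must be letters, digits or underscore")
    return f"extension_{app_hex}_{attribute}"


def extension_property_body(attribute: str, data_type: str = "String") -> dict:
    """Body for POST /applications/{appid}/extensionProperties (step 1 in the question)."""
    return {"name": attribute, "dataType": data_type, "targetObjects": ["User"]}


def user_patch_body(app_id: str, attribute: str, value: str) -> dict:
    """Body for PATCH /users/{userid} that sets the value on one user (step 2)."""
    return {extension_claim_name(app_id, attribute): value}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def extension_claims(payload: dict) -> dict:
    """Every extension_* claim the token carries, whatever app id it uses."""
    return {k: v for k, v in payload.items() if k.startswith("extension_")}


def claim_present(token: str, app_id: str, attribute: str) -> bool:
    """True if the token carries the attribute under the expected claim name."""
    return extension_claim_name(app_id, attribute) in decode_jwt_payload(token)


def _unsigned_token(claims: dict) -> str:
    """Constructed, unsigned token for the offline demo (never accept alg=none in production)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed stand-in for an ID token issued after the attribute was set.
SAMPLE_ID_TOKEN = _unsigned_token({
    "iss": "https://example.b2clogin.com/placeholder-tenant/v2.0/",
    "sub": "00000000-0000-0000-0000-000000000000",
    extension_claim_name(B2C_EXTENSIONS_APP_ID, ATTRIBUTE): "1234",
})


if __name__ == "__main__":
    print("POST body:", json.dumps(extension_property_body(ATTRIBUTE)))
    print("PATCH body:", json.dumps(user_patch_body(B2C_EXTENSIONS_APP_ID, ATTRIBUTE, "1234")))
    found = extension_claims(decode_jwt_payload(SAMPLE_ID_TOKEN))
    print("extension claims in token:", found)
    # Computing the name from the client app's id instead gives a claim the token never carries.
    wrong_app = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print("present under client app id?", claim_present(SAMPLE_ID_TOKEN, wrong_app, ATTRIBUTE))
```

The `extension_claims` helper is the quickest way to diagnose the situation in the question: decode the ID token you actually received and list every `extension_*` claim it carries. If the list is empty, the attribute was never mapped into the user flow; if it is non-empty but the app id segment differs from the one you expected, the attribute was defined against the wrong application, which is the mismatch this answer describes.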