
I am using the following lines of code to get claims from Azure AD, but I am unable to get the first and second/last name of the user.

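    using System.IdentityModel.Tokens.Jwt;

    // Decode the ID token (no signature validation happens here) and list its claims.
    var handler = new JwtSecurityTokenHandler();
    JwtSecurityToken decodedeIdtoken = handler.ReadToken(base64IDToken) as JwtSecurityToken;
    var claims = decodedeIdtoken.Claims;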

Also, I have configured given_name and family_name in the token configuration of my application on the Azure portal.

Kindly suggest a possible solution to get the first and last name in the JWT claims.

2 Answers


  1. You need to be sure that the Given name and Surname claims are returned as a part of the JWT token:
    Configuration screenshot

    If these are selected and the authenticated user has associated given name and surname values, the JWT token will include given_name and family_name inside its payload.

    Moreover, if you need to, you can collect these attributes on sign up – the user will be required to enter values for his/her first and last name.
    Configuration screenshot

    Then the signup form will look like this (note the Given name and Surname inputs at the end):
    [image]

  2. Note that @Tony Troeff's approach will work if you want it in an Azure AD B2C tenant.

    If your use case is for a normal Azure AD tenant, you need to pass the profile scope while generating tokens to get family_name and given_name in the JWT claims.

    I registered one Azure AD application and added API permissions as below:

    [image]

    In Token configuration, I added both family_name and given_name like below:

    [image]

    Now I generated an access token using the authorization code flow via Postman with the scope as below:

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
    grant_type:authorization_code
    client_id:appID
    client_secret:secret
    scope: profile openid
    code:<code_from_above_Step>
    redirect_uri: https://jwt.ms
    

    Response:

    [image]

    When I decoded these tokens by pasting them into the jwt.ms website, both had given_name and family_name claims like below:

    ID Token:

    [image]

    Access token:

    [image]

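Added example, not part of the question or of either answer: reading given_name and family_name from an ID token with JwtSecurityTokenHandler and reporting when they are absent, which is what a token requested without the profile scope looks like. The names NameClaimsDemo, ReadNames and Sample, the issuer URL and the two unsigned sample tokens are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;

public static class NameClaimsDemo
{
    // Returns (given_name, family_name); either is null when the claim is absent.
    public static (string Given, string Family) ReadNames(string idToken)
    {
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(idToken))
            throw new ArgumentException("Not a well-formed JWT.", nameof(idToken));

        // ReadJwtToken only decodes; it does not verify signature, issuer or audience.
        // Use ValidateToken with the tenant's signing keys before trusting these values.
        JwtSecurityToken jwt = handler.ReadJwtToken(idToken);
        string Find(string type) => jwt.Claims.FirstOrDefault(c => c.Type == type)?.Value;
        return (Find("given_name"), Find("family_name"));
    }

    // Constructed sample: builds an unsigned token so the demo runs offline.
    static string Sample(params Claim[] claims) =>
        new JwtSecurityTokenHandler().WriteToken(
            new JwtSecurityToken("https://issuer.example", "appID", claims));

    public static void Main()
    {
        var tokens = new Dictionary<string, string>
        {
            ["scope=openid profile"] = Sample(new Claim("sub", "u1"),
                new Claim("given_name", "Ada"), new Claim("family_name", "Lovelace")),
            ["scope=openid"] = Sample(new Claim("sub", "u1")),
        };
        foreach (var kv in tokens)
        {
            var (given, family) = ReadNames(kv.Value);
            Console.WriteLine(given is null || family is null
                ? $"{kv.Key}: name claims missing; request the profile scope and check Token configuration"
                : $"{kv.Key}: {given} {family}");
        }
    }
}
```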