@Olingi
Thank you for your post and I apologize for the delayed response!
Environment:
- You have a Web App registered as an Enterprise App within your Azure AD tenant
- Users use this App to sign in
- The App calls another API within your Azure AD tenant to access data after the user signs in.
- Each user should be able to access this data based on the information your tenant provided.
----------------------------------
Issue:
From our documentation, you haven't found a way to add this info (i.e. custom claim) to the user's Access Token so that your API can use this to scope (I'm assuming query) the data available to the user.
Findings:
When it comes to Customize claims emitted in tokens for a specific app in a tenant, you should be able to do this by following our Custom Claims to a user's Access Token (jwt) documentation. Please keep in mind that claims customization supports configuring claim-mapping policies for the WS-Fed, SAML, OAuth, and OpenID Connect protocols. For more info - Customize claims emitted in tokens - Get started.
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      { "value": "myConstantValue", "JwtClaimType": "myClaim" }
    ]
  }
}
Additional Links:
Azure AD - Custom Claims in Access Tokens - This related issue details an example of how to get the claims (constant names and values) every time an access token is requested.
Azure AD - add custom claim to access token - This thread details adding a custom "prn" claim to the token.
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
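To make the policy above concrete, here is an added example (not part of the original answer) that creates the ClaimsMappingPolicy with the AzureAD PowerShell module and attaches it to the service principal of the API that receives the access token. It assumes Connect-AzureAD has already been run, uses 'My Data API' as a placeholder display name for that service principal, and goes one step beyond the post by also mapping the signed-in user's department attribute, since a constant value is identical for every user and cannot scope data per user.

```powershell
# Added example: apply a claims-mapping policy with the AzureAD PowerShell module.
# Assumes Connect-AzureAD has been run as an account that can manage policies.
# 'My Data API' is a placeholder display name for the API's service principal.

# Policy definition: the constant claim from the answer plus a per-user claim.
# A constant value is the same for every user, so it cannot scope data per user;
# mapping a user attribute (here: department) gives the API a value to filter on.
$definition = @'
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      { "value": "myConstantValue", "JwtClaimType": "myClaim" },
      { "Source": "user", "ID": "department", "JwtClaimType": "department" }
    ]
  }
}
'@

# Create the policy object in the tenant.
$policy = New-AzureADPolicy -Definition @($definition) `
                            -DisplayName "DataApiClaimsPolicy" `
                            -Type "ClaimsMappingPolicy"

# The policy is attached to the service principal of the resource the access
# token is issued FOR (the API), not to the web app that requests the token.
$api = Get-AzureADServicePrincipal -Filter "DisplayName eq 'My Data API'"
Add-AzureADServicePrincipalPolicy -Id $api.ObjectId -RefObjectId $policy.Id

# Verify that the policy is now assigned to the API's service principal.
Get-AzureADServicePrincipalPolicy -Id $api.ObjectId | Select-Object DisplayName, Type
```

Azure AD will not issue an access token carrying mapped claims for an API unless that API's app registration either sets acceptMappedClaims to true in its manifest or is configured with a custom signing key. The API must still validate the token's signature, issuer and audience before it uses the department claim to filter data.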