Azure B2C claims

Datta Pawar 46 Reputation points
2020-04-22T16:48:05.273+00:00

Hello,

I have set up the Azure B2C tenants and registered the application as web/web api.
While logging in I do get the id_token. Along with the token I see only two claim attributes, that is Name and Email.


Whereas I would need the claims mentioned at the OpenID URL

"claims_supported": [
"name",
"emails",
"idp_access_token",
"jobTitle",
"postalCode",
"newUser",
"oid",
"sub",
"idp",
"extension_PhoneNumber",
"tfp",
"iss",
"iat",
"exp",
"aud",
"acr",
"nonce",
"auth_time"
]

I have been through several blogs, in most of the cases I see custom attributes, but in my case first I need to get B2C built in claim attributes.

Apart from custom policy is there any way to get the built in attributes along with id_token?


Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-04-24T08:30:05.233+00:00

    @Datta Pawar The reason why (Display Name, Email Address, Job Title, PhoneNumber, Postal Code) claims were not returned in the token was because the user was added as an external (guest) user. The user didn't go through the signup process and the values for these attributes were not collected. The attributes with no value are not returned in the token. Once we signed up with a new user account and provided values for these attributes, we were able to get the claims in the token. For existing users, if these attributes are not captured, you can use a profile editing policy to populate values for these attributes.


1 additional answer

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-04-22T19:33:02.987+00:00

    @Datta Pawar In order to get these claims, you need to navigate to your User Flow and select below:

    • User attributes: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code.
    • Application claims: Display Name, Email Address, Job Title, PhoneNumber(custom), Postal Code, Identity Provider Access Token, User is new, User's Object ID.

    Note:

    1. idp_access_token will only be returned if you signup/signin using a Social IDP.
    2. newUser claim is returned at signup only.
    3. In case of built-in policy, you can get either acr or tfp claim. Both these claims have policy name as value. To choose which claim should be returned in the token, you need to go to the properties blade of the user flow > Token compatibility settings > Claim representing user flow > use toggle button to either select tfp or acr.


    1 person found this answer helpful.
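
The behaviour described in both answers, as an added example that is not part of the original thread: it decodes an id_token payload for inspection only (no signature validation) and reports which application claims selected in the user flow are absent and the likely reason. The token, the policy name `B2C_1_signupsignin`, the object ID and the helper names are constructed for illustration.

```python
import base64
import json

# Application claims selected in the user flow, as listed in the answer above.
EXPECTED = ["name", "emails", "jobTitle", "postalCode", "extension_PhoneNumber",
            "idp_access_token", "newUser", "oid"]
# Reasons a selected claim can be absent, taken from the two answers.
CONDITIONAL = {
    "idp_access_token": "only returned after sign-up/sign-in with a social IdP",
    "newUser": "only returned at sign-up",
}
NO_VALUE = "attribute has no value for this user (e.g. guest who never signed up)"

def decode_payload(id_token):
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # base64url segments arrive without padding
    return json.loads(base64.urlsafe_b64decode(seg))

def audit_claims(id_token, expected=EXPECTED):
    """Return (missing claim -> likely reason, policy claim found in the token)."""
    claims = decode_payload(id_token)
    missing = {c: CONDITIONAL.get(c, NO_VALUE) for c in expected if c not in claims}
    # A built-in user flow emits either tfp or acr, depending on the toggle.
    policy = {k: claims[k] for k in ("tfp", "acr") if k in claims}
    return missing, policy

def _b64(obj):
    """Hypothetical helper: base64url-encode a dict the way a JWT segment is."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: a guest user's token where only name and emails have values.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"name": "Test User", "emails": ["user@example.com"],
          "oid": "00000000-0000-0000-0000-000000000000",
          "tfp": "B2C_1_signupsignin"}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(audit_claims(SAMPLE_TOKEN))
```
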