Azure AD B2C custom claims not returned in token

Question

Azure AD B2C custom claims not returned in token

Fredrik Svensson 21

we are setting up an Azure AD B2C for our IoT Plattform where we have some custom claims.
We have a manual to setup the AADB2C and this has worked previously returning the custom claim.

But when i created a new instance this week it doesn't return the custom claim.
We setup a user flow with the following claims

the id_token looks like this

Has something changed the last months?

Accepted answer

2 additional answers

Your answer

Answer 1

Shweta Mathur 30,296 Microsoft Employee Moderator

Hi @Fredrik Svensson ,

Thanks for reaching out.

In order to get these claims, you need to navigate to your User Flow and select below:

User attributes: isAdmin(custom) along with other claims

Application claims: isAdmin(custom) along with other claims you wish to see it in the token sent back to your application.

Once we signed-up with a new user account and provided values to these attributes, only then we were able to get the claims in the token. The attributes with no value are not returned in the token.

Hope this will help.

Thanks,
Shweta

----------------------------

Please remember to "Accept Answer" if answer helped you.

Fredrik Svensson 21 Reputation points

2022-12-02T07:44:17.407+00:00

@SwathiDhanwada-MSFT

thanks for the reply!
We have always used the signin flow as users are created by an administrator and there
are no free signup to our plattform. And in the signin flow there are no "application claims" but it has worked before regardless...

do we need to use the signupsignin flow to get the custom claims back?
If so, can we remove the signup link in some way?

thank you
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-12-02T09:01:01.703+00:00

Hi @Fredrik Svensson ,

Thanks for the clarification.

SignIn flow does have "application claims' to send those claims which are set in the token.

However, SignIn flow does not have the "User Attributes" as we are not allowing to collect data from user during SignIn. Only those data which are collected during signUp will be verified and return in the token.

In earlier scenario, you might collect or set the claim while creating the user which was allowing you to retrieve those details in the token.

If this is the new user and isAdmin claim has not been collected anytime, Azure AD B2C won't return the value to that claim in the token.

Could you please confirm how Admin is creating the user and at any time admin is setting the value in custom claim?

Thanks,
Shweta
Moosara 0 Reputation points

2023-06-29T00:03:25.47+00:00

This worked for me and I can confirm once you add custom claims, even if you set the values, the accounts have to be created after the custom claims are added to the system. Doesn't matter if you set them or not.

Answer 2

Fredrik Svensson 21

@SwathiDhanwada-MSFT thanks for the clarification. we are currently investigating on our side.
It might be that we have manually set the IsAdmin flag previously on the first user and therefore never
seen the problem with the claim not returning.

when we are creating users in the ui we always set the IsAdmin to true/false

thanks for the info it helped us investigating and i will revert and accept the answer if we see that it fits

Answer 3

Fredrik Svensson 21

we have now verified that it works! thank you for your support @SwathiDhanwada-MSFT

i think the documentation really should clearly state that the custom claims need to be defined for them to be returned. seems to be some confusion and not just from me :)

Share via

Azure AD B2C custom claims not returned in token

2 additional answers

Your answer