This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 46%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi,
I am using OIDC authentication (using Azure AD) for Hashicorp Vault application. I am successful in populating metadata like oid (object ID), upn (user prinicipal name) and name of the user. But I am unable to get mailNickname from JWT token claim.
On decoding the access token for my user, I do not see mailNickname as an attribute in the claims. Although if I hit, https://graph.microsoft.com/beta/me for my user, I see mailNickname as one of the attributes. I have given profile,
Directory.Read.All, GroupMember.Read.All permissions for Microsoft Graph API.
Can you let me know if I am missing anything here?
Regards,
Japneet
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 0%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Hi @Japneet Sahni ,
As per this document, mailNickname is only returned on $select while using v1.0
Hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".
mailNickname does not correspond to any of the default claims, so if you want it represented in the token, you need to issue a custom claim: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Can you please be more specific and give an example? The documentation linked does not provide enough information to solve this issue.
@Vasil Michev @Bhanu Kiran : I have added mailnickname as an optional claim but it still says that this claim is not supported
"optionalClaims": {
"idToken": [
{
"name": "email",
"source": null,
"essential": false,
"additionalProperties": []
},
{
"name": "upn",
"source": null,
"essential": false,
"additionalProperties": []
},
{
"name": "groups",
"source": null,
"essential": false,
"additionalProperties": []
},
{
"name": "mailnickname",
"source": null,
"essential": false,
"additionalProperties": []
}
],
"accessToken": [],
"saml2Token": []
You need to add a "custom" claim, via directory extensions. It's covered in the second part of the article: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#configuring-directory-extension-optional-claims
@Vasil Michev Can you please be more specific? Which "custom" claim needs to be added? The documentation you linked is insufficient to solve this issue.
Given this entry into the optional claims:
{
"name": "??",
"source": null,
"essential": false,
"additionalProperties": []
}
What name needs to be provided in order to get the Mail nickname field added to the token, Please be specific.