I'm currently using B2C with custom policies, having moved from Auth0. It was possible within Auth0 to access the scope claim/property of an incoming login request from the UI and then use that value within Rules to apply some logic. This doesn't seem to be easily doable in B2C.
My user journey allows a user to log in using their Azure / Office 365 login via an AD Connector, then enriches the user's claims by calling one of my APIs to get more information about that user account before returning the updated claims to the UI. This all works fine.
What I want to do is expand the enrichment request to include the Audience value from the incoming login request. I have multiple front-end applications that use B2C and want different extra info included in the claims sent back to the UI, so filtering on the Client ID of the Azure AD app used by the UI would be good. I would also like to see/access the Scope from the incoming login request, as it has some information I would like to send to the backend API.
I've tried the following, but it doesn't like aud or audience as a claim name, and scope is always null:
<TechnicalProfile Id="REST-API">
  <DisplayName>Enrich User</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <!-- Set the ServiceUrl with your own REST API endpoint -->
    <Item Key="ServiceUrl">https://xxx.mydomain.com/users/b2c</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <!-- Set AuthenticationType to Basic or ClientCertificate in production environments -->
    <Item Key="AuthenticationType">ApiKeyHeader</Item>
    <Item Key="AllowInsecureAuthInProduction">false</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="Authorization" StorageReferenceId="B2C_1A_RestApiKey" />
  </CryptographicKeys>
  <InputClaims>
    <!-- Claims sent to your REST API -->
    <InputClaim ClaimTypeReferenceId="email" />
    <InputClaim ClaimTypeReferenceId="givenName" />
    <InputClaim ClaimTypeReferenceId="surname" />
    <InputClaim ClaimTypeReferenceId="aud" />
    <InputClaim ClaimTypeReferenceId="scope" />
    <InputClaim ClaimTypeReferenceId="scp" />
    <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
  </InputClaims>
  <OutputClaims>
    <!-- Claims parsed from your REST API -->
    <OutputClaim ClaimTypeReferenceId="isEnabled" />
    <OutputClaim ClaimTypeReferenceId="userId" />
    <OutputClaim ClaimTypeReferenceId="accountCode" />
    <OutputClaim ClaimTypeReferenceId="role" />
    <OutputClaim ClaimTypeReferenceId="env" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
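
One way to pass the calling application's client ID and the requested scope to the enrichment API is with B2C claim resolvers, shown here as an added example that is not part of the original post. The claim types clientId and requestedScope are hypothetical names, assumed to be declared as string claims in the policy's ClaimsSchema.

```xml
<!-- Added example, not the poster's code. Assumes hypothetical string
     ClaimTypes "clientId" and "requestedScope" exist in ClaimsSchema. -->
<TechnicalProfile Id="REST-API">
  <DisplayName>Enrich User</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://xxx.mydomain.com/users/b2c</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <Item Key="AuthenticationType">ApiKeyHeader</Item>
    <Item Key="AllowInsecureAuthInProduction">false</Item>
    <!-- Without this, {OIDC:...} placeholders are not expanded in this profile -->
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="Authorization" StorageReferenceId="B2C_1A_RestApiKey" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
    <InputClaim ClaimTypeReferenceId="givenName" />
    <InputClaim ClaimTypeReferenceId="surname" />
    <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    <!-- client_id parameter of the authorization request (the calling app) -->
    <InputClaim ClaimTypeReferenceId="clientId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
    <!-- scope parameter of the authorization request, exactly as the client sent it -->
    <InputClaim ClaimTypeReferenceId="requestedScope" DefaultValue="{OIDC:Scope}" AlwaysUseDefaultValue="true" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isEnabled" />
    <OutputClaim ClaimTypeReferenceId="userId" />
    <OutputClaim ClaimTypeReferenceId="accountCode" />
    <OutputClaim ClaimTypeReferenceId="role" />
    <OutputClaim ClaimTypeReferenceId="env" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
```

Both values are read from the authorization request's query string, so the API should check clientId against its list of known application IDs and treat requestedScope as untrusted input rather than as proof of what was granted.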