Claim resolves in Azure AD B2C for id_token

Dzenan 45 Reputation points
2023-05-23T10:14:36.5266667+00:00

I am using Azure AD B2C with custom policies to do claims transformation from claims received through OAuth2 Claims Provider Technical Profiles.

Looking at the "Claims resolvers in custom policies" page in the Microsoft documentation, it has an example of how to access the access_token and output it in the resulting claims. It is also easy to access the claims within the access_token for further processing by referencing the token with {oauth2:access_token}.

When reading through logs in Application Insights for my ClaimsProvider I can see references to

  • {token_exchange:access_token}
  • {token_exchange:id_token}

but I am not sure how to access these values within a custom policy.

My question is, is there any way to access claims passed in the id_token returned from the OAuth2 Claims Provider? Something along the lines of {oauth2:id_token}?


1 answer

  1. Akshay-MSFT 17,656 Reputation points Microsoft Employee
    2023-05-25T11:09:22.0433333+00:00

    @Dzenan

    Thank you for posting your query on Microsoft Q&A. From the above posted query I understand that you are looking for the "claims" "value" defined within a custom policy.

    Please do correct me if this is not the case by responding in the comments section.

    • When you use Azure AD B2C, you have fine-grained control over the content of your tokens. You can configure user flows and custom policies to send certain sets of user data in claims that are required for your application. These claims can include standard properties such as displayName and emailAddress. Your applications can use these claims to securely authenticate users and requests.
    • The claims in ID tokens aren't returned in any particular order. New claims can be introduced in ID tokens at any time. Your application shouldn't break as new claims are introduced. You can also include custom user attributes in your claims.
    • The following table lists the claims that you can expect in ID tokens and access tokens issued by Azure AD B2C by default.

    [image: table of the default claims in ID tokens and access tokens issued by Azure AD B2C]

    The claims schema is the place where you declare the claims for which users input values.

    For example, in the "ClaimsSchema" defined below, the claim name is "surname" and the value will be input by the user within a "TextBox":

    [image: ClaimsSchema example with the "surname" claim and its TextBox input]

    Please do let me know if you have any further queries by posting in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

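The access_token pattern the question refers to, written out as an added example (it is not code from the original post or from the Microsoft page). Required Metadata and CryptographicKeys of the technical profile are omitted, and the ClaimType Id, TechnicalProfile Id and the idp_access_token claim name returned to the application are assumed names.

```xml
<!-- Added example: forwarding the identity provider's access_token with the
     {oauth2:access_token} claim resolver. ClaimType Id, TechnicalProfile Id and
     the PartnerClaimType returned to the app are assumed names, not from the page. -->

<!-- 1. Declare a claim to hold the token (BuildingBlocks/ClaimsSchema). -->
<ClaimType Id="identityProviderAccessToken">
  <DisplayName>Identity Provider Access Token</DisplayName>
  <DataType>string</DataType>
  <AdminHelpText>Stores the access token returned by the OAuth2 identity provider.</AdminHelpText>
</ClaimType>

<!-- 2. In the OAuth2 claims provider technical profile the resolver is used as the
        PartnerClaimType of an output claim, so the raw token lands in the claims bag.
        Fragment only: Metadata and CryptographicKeys of the profile are left out. -->
<TechnicalProfile Id="Contoso-OAuth2">
  <DisplayName>Contoso</DisplayName>
  <Protocol Name="OAuth2" />
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="id" />
    <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
  </OutputClaims>
</TechnicalProfile>

<!-- 3. Only claims listed in the relying party output reach the token issued to the
        application, so the IdP token is exposed to the app solely where this line exists. -->
<RelyingParty>
  <TechnicalProfile Id="PolicyProfile">
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="idp_access_token" />
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>
```

Leaving the relying party OutputClaim out keeps the provider token inside the policy (available to later claims transformations) without issuing it to the application.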