To issue your custom claims in an access token, you need to use your app registration as the OAuth2 resource, e.g. /authorize?client_id=APP_ID&scope=APP_ID/.default
How to add custom claims to the Access Token using custom user Attributes.
Good afternoon MS team,
I am writing to you because I am looking for information on how to add custom claims when the application generates a JWT token. I can't add them to the AccessToken, but I can see them in the IDToken.
Questions:
Can I configure custom claims in my AccessToken by adding test2, mytest, t2020, etc.? Is this option possible? If so, how?
I have been reading these links but to no success:
- https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-add-attributes-to-token (the properties are added only in the IDToken)
- https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-tokenissuancestart-configuration?tabs=azure-portal%2Cworkforce-tenant
Thoughts? Insights?
Thanks a lot
Cheers,
Moisés.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,246 Reputation points
2024-04-25T08:19:41.3633333+00:00
Sandeep G-MSFT 14,646 Reputation points Microsoft Employee
2024-04-25T08:55:58.65+00:00
Thank you for posting this in Microsoft Q&A.
You can add custom attributes to the claims and send them within an access token.
You can follow the steps mentioned below:
- Create an AzureADPolicy.
    # Create a claims mapping policy; the JSON definition is passed as a single string.
    # JwtClaimType values must not contain leading spaces (the original had " t2020" and
    # " tetttteeesss", which would emit oddly named claims).
    New-AzureADPolicy -Definition @('{
        "ClaimsMappingPolicy": {
            "Version": 1,
            "IncludeBasicClaimSet": "true",
            "ClaimsSchema": [
                { "Source": "user", "ID": "test2",        "JwtClaimType": "test2" },
                { "Source": "user", "ID": "mytest",       "JwtClaimType": "mytest" },
                { "Source": "user", "ID": "t2020",        "JwtClaimType": "t2020" },
                { "Source": "user", "ID": "tetttteeesss", "JwtClaimType": "tetttteeesss" }
            ]
        }
    }') -DisplayName "CustomClaimsPolicy1" -Type "ClaimsMappingPolicy"
- Attach the newly created AzureADPolicy to the ServicePrincipal of the specific AzureAD App for which the token will be requested.
Add-AzureADServicePrincipalPolicy -Id {object id of service principal} -RefObjectId {object id of policy}
- To check whether the policy was successfully added to the ServicePrincipal:
Get-AzureADServicePrincipalPolicy -Id "{object id of service principal}"
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
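The following is an added example, not part of either answer above. It walks through the same procedure (create a claims mapping policy, attach it to the service principal, verify) using the Microsoft Graph PowerShell SDK rather than the retired AzureAD module, and then decodes the resulting access token so you can confirm the mapped claims are really there. It also covers the one step both answers leave implicit: an app that receives mapped claims must opt in with acceptMappedClaims (single-tenant apps) or use its own signing key, otherwise the token request fails with AADSTS50146. The claim IDs test2/mytest/t2020 are copied from the answer and are assumed to be attributes the "user" source exposes in your tenant; $appObjectId, $spObjectId and $appId are placeholders, and the token in the last step is assumed to have been requested with the app itself as the resource (scope api://<appId>/.default), as the first answer points out.

```powershell
# Added example (not from the original post). Requires Microsoft.Graph.Identity.SignIns
# and Microsoft.Graph.Applications. Placeholders below must be replaced with your own IDs.
Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration", "Application.ReadWrite.All"

$appObjectId = "<application object id>"          # Object ID of the app registration
$spObjectId  = "<service principal object id>"    # Object ID of its enterprise app / SP
$appId       = "<application (client) id>"        # Client ID, used as the resource

# 1. Build the claims mapping policy definition. The definition is a JSON *string*
#    inside an array. Claim IDs are taken from the answer above (assumed attribute names).
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema         = @(
            @{ Source = "user"; ID = "test2";  JwtClaimType = "test2"  },
            @{ Source = "user"; ID = "mytest"; JwtClaimType = "mytest" },
            @{ Source = "user"; ID = "t2020";  JwtClaimType = "t2020"  }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

$policy = New-MgPolicyClaimMappingPolicy -BodyParameter @{
    definition            = @($definition)
    displayName           = "CustomClaimsPolicy1"
    isOrganizationDefault = $false
}

# 2. Attach the policy to the service principal of the app that will be the token's audience.
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $spObjectId -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)"
}

# 3. Opt the app in to receiving mapped claims. Without this (or a custom signing key),
#    token requests for the app fail with AADSTS50146. Single-tenant apps only;
#    multi-tenant apps must configure their own signing key instead.
Update-MgApplication -ApplicationId $appObjectId -Api @{ AcceptMappedClaims = $true }

# 4. Verify the assignment.
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $spObjectId |
    Select-Object Id, DisplayName

# 5. Decode a JWT payload (base64url, no padding) so the claims can be inspected.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $payload = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# The access token must be requested with the app itself as the resource, e.g.
# scope "api://$appId/.default"; a token for Graph or another API will not carry these claims.
$accessToken = "<paste an access token obtained with scope api://$appId/.default>"
$claims = ConvertFrom-JwtPayload -Jwt $accessToken
"aud = $($claims.aud)"
"test2 = $($claims.test2); mytest = $($claims.mytest); t2020 = $($claims.t2020)"
```

If the decoded aud is not your app's client ID (or api://<client id>), the claims mapping policy was never consulted: claims mapping policies apply to the resource the token is issued for, not to the client requesting it, which is why the same attributes show up in the ID token (where the app is the audience) but not in an access token for another API.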