This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 53%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
We have integrated a web client with OAuth to authenticate using Azure AD and are storing the token for later use. However, we need to exclude certain sensitive data, such as email, IP address, and name, which are not necessary for the application. Could you please help us configure the setup to remove these sensitive fields when using OAuth2 with Azure AD Entra via azure web-portal ?
Hi @P Kungvanrattana , you can use Optional Claims for this. Please review that documentation and let me know what questions you have!
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
Since we are available to change a config to create optional claims and change the manifest
"name": "ipaddr", "essential": false
on accessToken then logic via this tenant we still found ipaddr on JWT token
Hi, I have updated news. when changing token v1 to v2 this solution works for me. thank you a lot. I have more questions since we exclude email and IPaddr but I have not found a way to exclude "name" on JWT. Could you please suggest a solution to how to solve it? let me know if "name" is built-in and can't emit on JWT.
Suppose this is an "out of the box" feature. let me know, please.