Azure B2C claims such as UPN, Surname and GivenName not returned

Parekh, Bijal 20 Reputation points
2024-05-27T12:09:16.68+00:00

We have an Azure B2C solution setup to authenticate our joint venture partners that are using Azure and Ping in their organization. We are using OpenID Connect for both Azure and Ping to sign-in users.

For both Azure (including our own organization) built-in claims such as UPN, Surname and GivenName are not returned.

The end point we are going to:

https://*.b2clogin.com/.onmicrosoft.com/oauth2/authresp

The claims such as Email Address, Surname and GivenName have been added to both User Attributes as well as Application Claims:

However, email/UPN, Surname and GivenName are not in the claims being returned:

  • ver
  • iss
  • sub
  • aud
  • exp
  • nonce
  • iat
  • auth_time
  • idp
  • oid
  • tfp
  • c_hash
  • nbf

2 answers

  1. Babafemi Bulugbe 3,785 Reputation points MVP
    2024-05-27T12:48:51.17+00:00

    Hello Parekh, Bijal,

    I understand that your application is not consuming the claims you have configured in your Azure B2C User flow.

    Kindly use the Jwt.ms application to check if this is an issue with the User Flow.

    Register a new application in your B2C tenant and test with this. Follow this link to get more information. https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-register-applications#register-a-web-application

    If you are still experiencing the same issue, please let me know.

    Babafemi

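The answer above suggests pasting the returned id_token into jwt.ms to see which claims the user flow actually emitted. The following is an added example (not code from the original thread or from Microsoft) that does the same check offline: it decodes a compact JWS payload without verifying the signature and reports which of the expected claims are missing. It assumes the standard B2C token claim names for the configured attributes (Given Name as `given_name`, Surname as `family_name`, Email Addresses as `emails`); the sample payload, issuer tenant id, `tfp` and `idp` values are constructed placeholders.

```python
import base64
import json

# Token claim names B2C uses for the attributes named in the question.
# Assumed mapping (standard B2C claim names; confirm them on the user
# flow's "Application claims" page): Given Name -> given_name,
# Surname -> family_name, Email Addresses -> emails.
EXPECTED_CLAIMS = ("given_name", "family_name", "emails")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS WITHOUT verifying its signature.

    Inspection aid only (the same view jwt.ms gives); never make an
    authorization decision on an unverified payload.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(token: str, expected=EXPECTED_CLAIMS) -> dict:
    """Report which expected claims are present in / missing from the token."""
    payload = decode_jwt_payload(token)
    return {
        "present": [c for c in expected if c in payload],
        "missing": [c for c in expected if c not in payload],
        "all_claims": sorted(payload),
    }


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned token for offline testing.

    A real B2C id_token is RS256-signed and carries a 'kid' header; the
    empty signature here only keeps the three-segment compact form.
    """
    header = {"typ": "JWT", "alg": "none"}
    return f"{_b64url_encode(header)}.{_b64url_encode(payload)}."


# Constructed payload carrying exactly the claim set listed in the question.
# Issuer tenant id, sub/aud/oid, tfp and idp values are placeholders.
SAMPLE_PAYLOAD = {
    "ver": "1.0",
    "iss": "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/",
    "sub": "11111111-1111-1111-1111-111111111111",
    "aud": "22222222-2222-2222-2222-222222222222",
    "exp": 1716814000,
    "nonce": "defaultNonce",
    "iat": 1716810400,
    "auth_time": 1716810400,
    "idp": "https://login.microsoftonline.com/33333333-3333-3333-3333-333333333333/v2.0",
    "oid": "44444444-4444-4444-4444-444444444444",
    "tfp": "B2C_1_partner_signin",
    "c_hash": "hash-placeholder",
    "nbf": 1716810400,
}

if __name__ == "__main__":
    # With the question's claim set, all three expected claims are reported missing.
    print(json.dumps(check_claims(make_unsigned_token(SAMPLE_PAYLOAD)), indent=2))
```

Run it against a real token by passing the id_token string to `check_claims`. If the expected claims are missing here, the user flow (or the upstream identity provider's claim mapping) is not emitting them, which is the case the answer above is isolating; if they are present, the problem lies in how the application consumes the token. For anything beyond inspection, validate the signature against the tenant's JWKS with a proper library rather than reading the payload unverified.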

  2. Akshay-MSFT 17,891 Reputation points Microsoft Employee
    2024-05-28T07:17:16.7233333+00:00

    @Parekh, Bijal

    Thank you for your response and screenshots. I was able to test this in my lab and got similar results by replicating the API permissions like in your tenant. However, when I added the "User.Read.All" application permission, I was able to get user claims like "name" and "emails". I request you to try the same and let me know if this does not work out.

    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

