Query Parameter in Authorize url to be passed to custom claims provider

Question

Query Parameter in Authorize url to be passed to custom claims provider

Mohamed Seamari 0

Using the following sample: https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-tokenissuancestart-configuration?tabs=azure-portal%2Cexternal-tenant I succeeded in triggering an Azure Function on the TokenIssuanceStart event to add custom claims to both the identity and access token.

as the tenant I'm working on is an "External" tenant I have to use the following url to login and get a token: https://{domainName}.ciamlogin.com/{tenantId}/oauth2/v2.0/authorize?client_id={App_to_enrich_ID}&response_type=id_token&redirect_uri=https://jwt.ms&scope=openid&state=12345&nonce=12345

now on this same url I want to add my own query parameter to it and have it pass to the Azure Function.

for example if I go to the following url: https://{domainName}.ciamlogin.com/{tenantId}/oauth2/v2.0/authorize?client_id={App_to_enrich_ID}&response_type=id_token&redirect_uri=https://jwt.ms&scope=openid&state=12345&nonce=12345?myparam=hello

I want the query parameter myparam to go either to be passed to the azure function as a query parameter for example: https://myazurefunction.azurewebsites.net/api/CustomClaims?myparam=hello

or that the query parameter is added as data in the "onTokenIssuanceStartCalloutData" when the azure function is triggered

2 answers

Your answer

Answer 1

Akhilesh Vallamkonda 15,320 Microsoft External Staff Moderator

Hi @Mohamed Seamari

Thank you for reaching Microsoft Q&A Forum!

If I understand correctly you would like to add the custom parameter to your URL, you have registered the custom claim in Entra ID which involves setting up the token issuance event and specifying the endpoint of your Azure Function.
The application developer needs to implement the Azure Function to handle the incoming requests and process the custom query parameters.
I suggest you reach the application developer to achieve your ask.

Hope this helps. Do let us know if you any further queries by responding in the comments section.
Thanks,

Akhilesh

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Mohamed Seamari 0 Reputation points

2024-12-10T14:46:28.8666667+00:00
Hi I would like to clarify some matters,

I am the developer, I have access to the source code of the Azure Function

I am also the person that is configuring "External Identities"

The Azure Function is properly executed on login and both the Identity Token as the Access token properly show the custom claims

the Custom claim provider endpoint is configured as follows:

when I sign-in using the previously mentioned url with query parameter "myparam=hello" the azure functions's HttpRequest.Query or HttpRequest.HttpContext .Query does not show this query parameter
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2024-12-26T14:30:09.9666667+00:00

Hi @Mohamed Seamari
apologies delay in response, the document you followed is a custom claim and this claim pass in the token not to build the custom URL.
if you want to test the custom claims provider, please follow test the application which you can see in the decoded token
Mohammed Osman 0 Reputation points

2025-01-02T02:55:37.4566667+00:00

Hi @Mohamed Seamari ,
Have you managed to find a solution for this? I am facing the same scenario.
Mohamed Seamari 0 Reputation points

2025-01-06T14:05:30.3666667+00:00

unfortunately, I have not found an answer to this yet

@Akhilesh Vallamkonda your response does not address the question I asked,

the question is when I access the sign-in URL I want custom query parameters to be available in the custom claims provider.
Aaron Galvan 0 Reputation points

2025-02-24T22:56:58.11+00:00

Same here, were you able to find a solution for this?, I already have a "Custom claims provider" working but still need to pass extra information to the Azure Function from the Authentication URL.
Aaron Galvan 0 Reputation points

2025-02-24T23:01:53.5266667+00:00

Were you able to find a solution for this?, I am also facing the same scenario here, I already have a "Custom Claims Provider" working but still need to pass additional information from the Authentication URL to the Azure Function using an extra query parameter.

Answer 2

Nicholas Plant 0

I have the same issue - did you find direct way of doing it. I haven't had time to test it yet but I think I have an indirect way to do it. I think you will first need to create a custom attribute in the entra directory. Then use onattributesubmit to push the value from your app into the entra directory, then do your ontokenissueancestart event and pass the newly populated custom user attribute as part of the request body. Then your custom claims provider will be able to use this attribute to apply whatever logic it needs to construct the custom claims.

If you find a way to do it or find that my way works please update us.

Nicholas Plant 0 Reputation points

2025-03-16T19:30:44.3633333+00:00

Also see https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/identity-platform/reference-claims-customization.md#claim-sets

Share via

Query Parameter in Authorize url to be passed to custom claims provider

2 answers

Your answer