Share via

Unable to get Claims like Phone Number, City , etc. in Access Token or ID Token

Shrikant Bhagwat 61 Reputation points
2025-03-15T14:39:45.4766667+00:00

Decode of Access Token

{

"typ": "JWT",

"nonce": "kmsSwnrdRoACjaAaz3afapGU34_HGkqtUjlOZel2nIQ",

"alg": "RS256",

"x5t": "JDNa_4i4r7FgigL3sHIlI3xV-IU",

"kid": "JDNa_4i4r7FgigL3sHIlI3xV-IU"

}.{

"aud": "00000003-0000-0000-c000-000000000000",

"iss": "https://sts.windows.net/c4d58d8c-5770-4d99-a00d-b40b732b1e41/",

"iat": 1742048172,

"nbf": 1742048172,

"exp": 1742053655,

"acct": 0,

"acr": "1",

"aio": "AWQAm/8ZAAAAigvZ+PGoteMSfplEKgsBNBWCtfk0c6V+087QRLjB8FVnoL+sdE76HVxvLWrGQYH/jRhq4BKY0cPGuGOhHxlNiJQBfdl6kDoEeylJnQFEiYjUMA6C3NKptXaYaQvpBoDY",

"amr": [

"pwd"

],

"app_displayname": "Apache OAuth-OIDC App",

"appid": "fb74eebd-2ec6-47aa-8387-57c8c39254db",

"appidacr": "1",

"family_name": "Bhagwat1",

"given_name": "Shrikant1",

"idtyp": "user",

"ipaddr": "141.214.17.252",

"name": "Shrikant1 Bhagwat1",

"oid": "5ce5ffdc-bb17-4bd4-a0d6-b85991873fed",

"platf": "3",

"puid": "100320044D66E733",

"rh": "1.AVAAjI3VxHBXmU2gDbQLcyseQQMAAAAAAAAAwAAAAAAAAABQABRQAA.",

"scp": "email openid profile",

"sid": "00301899-0306-6a12-cdac-6bedc345593d",

"sub": "S_2mAURgePvmoj-sdgvTb_MWUBbdwIxWuuR65Oclb2o",

"tenant_region_scope": "NA",

"tid": "c4d58d8c-5770-4d99-a00d-b40b732b1e41",

"unique_name": "******@bhagwatsaz.net",

"upn": "******@bhagwatsaz.net",

"uti": "HJ8OxyrtT0u5G_WxljR0AA",

"ver": "1.0",

"wids": [

"b79fbf4d-3ef9-4689-8143-76b194e85509"

],

"xms_ftd": "w1LPc-9qQQ4AyJZy9JLtU_oNAd1DJKgGWmxu5wiihx4",

"xms_idrel": "1 12",

"xms_st": {

"sub": "IiBvpyvj0nI1_QLn3DGE8wT8Yv7f3ICN1zRqXaOv8WA"

},

"xms_tcdt": 1625580930

}.[Signature]

Screen1

Screen3

How do we add new Claim like Phone Number, City in this table.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Accepted answer
  1. Navya 20,575 Reputation points Microsoft External Staff Moderator
    2025-03-17T03:02:50.5+00:00

    Hi @Shrikant Bhagwat

    I understand you are trying to get new Claim like Phone Number, City in access token and id_token

    Steps to Create and Assign a Claims Mapping Policy:

    1.Import the Microsoft Graph Identity Sign-Ins Module and Connect:

    Install-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration", "Policy.Read.All"

    2.Create a Claims Mapping Policy Including Phone Number and City:

    $policyDefinition = @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema": [{"Source":"user","ID":"telephoneNumber","JwtClaimType":"phone_number"}, {"Source":"user","ID":"city","JwtClaimType":"city"}]}}')

New-MgPolicyClaimMappingPolicy -Definition $policyDefinition -DisplayName "IncludePhoneNumberAndCity"

    3.Retrieve the Policy ID:

    $policy = Get-MgPolicyClaimMappingPolicy -Filter "DisplayName eq 'IncludePhoneNumberAndCity'"
$policyId = $policy.Id
$policyId

    4.Assign the Policy to a Service Principal:

     
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId <servicePrincipalId> -BodyParameter @{"@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/<claimsMappingPolicyId>"}

    Expose an API and add scope like below:

    User's image

    Grant API permissions

    User's image

    "In the manifest, update the following:

    acceptMappedClaims: true
requestedAccessTokenVersion: 2

    Make sure to pass the scope as api://ClientID/.default to generate the access token.

    Then, try requesting both an access token and an ID token, ensuring that the signed-in user has provided values for those properties; otherwise, they will appear as blank."

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.