Azure AD B2C - Extension attribute/claims

Jennifer 6 Reputation points
2021-05-18T10:43:40.933+00:00

Hello,
We currently have a Web App that communicates with an API (both in .NET Core).

I have successfully set up authentication, and want a user to be able to assign a role to other users and have that role appear in the Claims when they log in. So I created the user attribute Role:
[screenshot]

I use the MS Graph API to retrieve users by their ID and assign them the role (among others) with the extension attribute ("extension_b2cExtensionsAppID_Attribute") thanks to this piece of code:
[screenshot]

The request proceeds normally, my object contains the 2 additionalData:
[screenshot]

But when this user connects, I can't find the data in the Claims, even though I specified that I wanted this information in my "sign in/sign up" user flow:
[screenshot]
[screenshot]

I have also tried this manipulation from https://developer.microsoft.com/en-us/graph/graph-explorer, without success.

Can you tell me what I am doing wrong?
I thank you in advance and wish you a nice day,
Jennifer

Microsoft Entra External ID

2 answers

  1. Jennifer 6 Reputation points
    2021-08-11T22:53:39.86+00:00

    Hi @AmanpreetSingh-MSFT ,

    Thanks for your answer. I finally found the solution to my problem. I have to use AddSessionTokenCaches() instead of AddInMemoryTokenCaches() as below:
    [screenshot]
    If we choose AddSessionTokenCaches(), the cache is linked to the user session. So if we disconnect, the token is updated.
    If we choose AddInMemoryTokenCaches(), the token is stored in memory. So if we restart the solution, it is lost.

    which sends me the information in the claims:
    [screenshot]

    Have a nice day,
    Jennifer

    1 person found this answer helpful.

  2. AmanpreetSingh-MSFT 56,216 Reputation points
    2021-05-20T06:59:51.147+00:00

    Hi @Jennifer, thank you for reaching out.

    I don't think the problem is with your code. To confirm this, could you please try the steps below to get a token without using your code.

    1. Register a new application in B2C, set the reply URL to https://jwt.ms, and select the checkboxes for Access token and ID token under the Authentication blade of the app.
    2. Use the Run user flow option and select the application created in step 1.
      [screenshot]
    3. After successful authentication, you will be redirected to https://jwt.ms and the token will be decoded automatically.

    Additionally, you need to make sure the values for these attributes are populated. Attributes with a null value are not returned in the token. Make sure you populate the values with a profile editing policy for existing users; new users need to provide the value for these attributes during signup.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

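As an added illustration of the two checks raised in this thread (this is not code from the question or from either answer): building the Graph-side name of a B2C custom attribute from the b2c-extensions-app client ID, assembling the PATCH body for the user, and decoding a freshly issued token to see whether the claim is present, which is what https://jwt.ms does in the browser. The extensions-app ID, user object ID and tokens are constructed sample values. One detail worth keeping in mind when comparing the two sides: Microsoft Graph addresses the attribute as extension_<appId without hyphens>_Role, while a user flow emits it in the token as extension_Role, so a check that looks for the Graph-style name in the token will never find it.

```python
import base64
import json
import uuid

# Constructed sample values (not from the thread): the client ID of a
# fictitious tenant's b2c-extensions-app, and a user object ID.
B2C_EXTENSIONS_APP_ID = "11111111-2222-3333-4444-555555555555"
USER_OBJECT_ID = "66666666-7777-8888-9999-000000000000"


def extension_attribute_name(extensions_app_id: str, attribute: str) -> str:
    """Graph-side name of a B2C custom attribute.

    Microsoft Graph addresses custom attributes as
    extension_<b2c-extensions-app client ID without hyphens>_<AttributeName>.
    """
    app_id = str(uuid.UUID(extensions_app_id)).replace("-", "")
    return f"extension_{app_id}_{attribute}"


def build_user_patch(extensions_app_id: str, attributes: dict) -> dict:
    """Body for PATCH /users/{id} that sets one or more custom attributes."""
    return {
        extension_attribute_name(extensions_app_id, name): value
        for name, value in attributes.items()
    }


def token_claim_name(attribute: str) -> str:
    """Name under which a B2C user flow emits a custom attribute in the token.

    Unlike Graph, the token uses extension_<AttributeName>, without the app ID.
    """
    return f"extension_{attribute}"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT without verifying its signature.

    Inspection only, like jwt.ms; a relying party must validate the token
    through its OIDC middleware, not with this helper.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def custom_attribute_from_token(token: str, attribute: str):
    """Value of the custom attribute claim in the token, or None if absent."""
    return decode_jwt_payload(token).get(token_claim_name(attribute))


def _make_sample_jwt(claims: dict) -> str:
    # Constructed, unsigned sample token for the demonstration only;
    # the header and signature segments are dummies.
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "dummysig"])


# Constructed token as a user flow with the Role claim selected would issue it
# once the attribute holds a value.
SAMPLE_TOKEN_WITH_ROLE = _make_sample_jwt(
    {"sub": USER_OBJECT_ID, "extension_Role": "Admin"}
)
# Constructed token issued while the attribute was still null: B2C omits
# the claim entirely rather than sending an empty value.
SAMPLE_TOKEN_WITHOUT_ROLE = _make_sample_jwt({"sub": USER_OBJECT_ID})


if __name__ == "__main__":
    body = build_user_patch(B2C_EXTENSIONS_APP_ID, {"Role": "Admin"})
    print(f"PATCH https://graph.microsoft.com/v1.0/users/{USER_OBJECT_ID}")
    print(json.dumps(body, indent=2))
    print("Role in fresh token:", custom_attribute_from_token(SAMPLE_TOKEN_WITH_ROLE, "Role"))
    print("Role in earlier token:", custom_attribute_from_token(SAMPLE_TOKEN_WITHOUT_ROLE, "Role"))
```

Running the block prints the PATCH body Graph expects and then shows the claim present in the first sample token and absent from the second. The second case is the situation both answers describe: a token minted before the attribute was populated, or one served from a cache that outlived the Graph update, simply has no extension_Role claim, so the application should re-authenticate the user rather than treat the missing claim as an empty role.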