How to include Optional claim in azure ad app registration?

Sivakumar Subramani 1 Reputation point
2021-08-09T15:52:03.863+00:00

We would like to include an additional value in the token, which we will then extract from the token while authorizing.

We tried as per the document (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims). The thing is, we chose upn, and as part of the body we are sending the same, like "upn": "user_detail". But it is not included as part of the token.

What configs do we need to change to make it work?


1 answer

  1. Marilee Turscak-MSFT 37,061 Reputation points Microsoft Employee
    2021-08-09T21:55:50.887+00:00

    Make sure that you have added the profile scope, as "upn" requires the profile scope. You can add the profile scope under API Permissions (Type = delegated). https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v20-specific-optional-claims-set

    The type name is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

    I assume you are using regular Azure AD, but if by some chance you are using B2C, the unique name is stored in the signInNames attribute and upn is not used.

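As an added example (not part of the question or the answer above), here is the manifest fragment that requests the upn optional claim in the ID token, plus a small check that inspects a token's payload for the claim under either its v2.0 short name or the v1.0 type name the answer quotes. The sample tokens are constructed locally; the claim value in a real token is filled in by the directory from the user's userPrincipalName, not from anything sent in the request body.

```python
import base64
import json

# App registration > Manifest: the optionalClaims block that asks Entra ID to
# emit "upn" in the ID token. "source": None means the value comes from the
# user object in the directory (its userPrincipalName).
OPTIONAL_CLAIMS_MANIFEST = {
    "optionalClaims": {
        "idToken": [{"name": "upn", "source": None, "essential": False, "additionalProperties": []}],
        "accessToken": [],
        "saml2Token": [],
    }
}

# v2.0 tokens use the short name; v1.0 tokens use the WS-Fed type name.
UPN_CLAIM_NAMES = ("upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn")


def decode_jwt_payload(token: str) -> dict:
    """Base64url-decode the payload segment of a compact JWT.
    Signature is NOT checked here: this is for inspecting a token you
    already validated, the way you would on jwt.ms."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_upn_claim(token: str) -> dict:
    """Report whether a upn claim is present and, if not, what to verify."""
    claims = decode_jwt_payload(token)
    for name in UPN_CLAIM_NAMES:
        if name in claims:
            return {"present": True, "claim": name, "value": claims[name]}
    hint = ("upn missing: confirm the delegated 'profile' permission is granted "
            "and that 'upn' is listed under optionalClaims.idToken in the manifest")
    return {"present": False, "claim": None, "hint": hint}


def make_unsigned_token(payload: dict) -> str:
    """Constructed, unsigned test token (empty signature) for local checks only."""
    def b64url(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64url({'typ': 'JWT'})}.{b64url(payload)}."


if __name__ == "__main__":
    sample = make_unsigned_token({"ver": "2.0", "upn": "user@contoso.example"})
    print(check_upn_claim(sample))
```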
