AuthorizationHandlerContext.User is null for token generated through Custom Policy

Aaditya Shete 1 Reputation point
2021-08-11T11:37:23.617+00:00

Hi there.
I was working with the out-of-the-box user flows provided in Azure AD for sign-up/sign-in using a phone number. The login is done using a React SPA and we are using bearer auth to call APIs.
The server-side code checks for scopes on startup. Everything was working fine when using the out-of-the-box flows. Users can log in successfully and call APIs.
Now we have switched to a custom policy that lets users sign up and sign in using a phone number. But the token returned from the custom policy shows no claims. We have used the starter pack provided from the tutorials with the scenario - passwordless login (https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/phone-number-passwordless)

The server-side code that reads the scopes is as follows:

using System.Linq;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authorization;

services.AddAuthentication( AzureADB2CDefaults.BearerAuthenticationScheme )
    .AddAzureADB2CBearer( o => Configuration.Bind( "AzureAdB2C", o ) );
services.AddAuthorization( options => {
    // The "scp" claim of the B2C access token is exposed under this mapped claim type
    // when JwtSecurityTokenHandler's default inbound claim mapping is active.
    static bool hasScope( string scope, AuthorizationHandlerContext handler )
    {
        var claim = handler.User?.FindFirst( "http://schemas.microsoft.com/identity/claims/scope" );
        // Scopes are space-separated in the claim value; null means the token carries no scope claim at all.
        string[] scopes = claim?.Value.Split( ' ' );
        return scopes?.Contains( scope ) ?? false;
    }
    // hasScope is meant to be called from a policy, e.g.
    // options.AddPolicy( "<name>", p => p.RequireAssertion( ctx => hasScope( "<scope>", ctx ) ) );
} );

Here, in the hasScope method, the handler.User object is null with the custom policies.

Microsoft Entra ID
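The scope check the question revolves around, written as an added example rather than the poster's own code: a reusable authorization policy for ASP.NET Core that looks for the scope claim under both names it can appear as (raw `scp` from the B2C token, or the mapped `http://schemas.microsoft.com/identity/claims/scope` type that the default inbound claim mapping produces), handles a missing principal or missing claim by denying access instead of throwing, and exposes a small diagnostic that lists the claim types actually present so a token with "no claims" is easy to spot. The class name, the policy name "ApiAccess" and the scope name "demo.read" are placeholders, not anything from the question or the starter pack.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Added example: scope-requirement policy tolerant of both scope claim type names.
public static class ScopeAuthorization
{
    // Raw claim name in the access token issued by Azure AD B2C.
    public const string ShortScopeClaim = "scp";
    // Name after JwtSecurityTokenHandler's default inbound claim mapping.
    public const string MappedScopeClaim = "http://schemas.microsoft.com/identity/claims/scope";

    // True when the principal carries requiredScope under either claim type.
    // Never throws: a null/unauthenticated principal or a missing claim simply denies.
    public static bool HasScope(AuthorizationHandlerContext context, string requiredScope)
    {
        var user = context?.User;
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;  // no authenticated principal: nothing to check

        var claim = user.FindFirst(MappedScopeClaim) ?? user.FindFirst(ShortScopeClaim);
        if (claim == null)
            return false;  // token has no scope claim at all (the symptom in the question)

        // Scope claim value is a space-separated list; match whole entries, case-sensitively.
        return claim.Value
            .Split(' ', StringSplitOptions.RemoveEmptyEntries)
            .Contains(requiredScope, StringComparer.Ordinal);
    }

    // Diagnostic helper: lists claim types present on the principal, e.g. for a log line
    // in a failed-authorization handler, so a missing or renamed scope claim is obvious.
    public static string DescribeClaims(ClaimsPrincipal user) =>
        user == null
            ? "<no principal>"
            : string.Join(", ", user.Claims.Select(c => c.Type).Distinct());

    // Registers a policy that requires an authenticated user holding requiredScope.
    public static void AddScopePolicy(this AuthorizationOptions options, string policyName, string requiredScope)
    {
        options.AddPolicy(policyName, policy =>
            policy.RequireAuthenticatedUser()
                  .RequireAssertion(ctx => HasScope(ctx, requiredScope)));
    }
}

// Usage in Startup.ConfigureServices (placeholder names):
//   services.AddAuthorization(options => options.AddScopePolicy("ApiAccess", "demo.read"));
// and on the controller or action:
//   [Authorize(Policy = "ApiAccess")]
```

Checking both claim names matters because `JwtSecurityTokenHandler.DefaultMapInboundClaims` (or the equivalent `MapInboundClaims` option on the bearer handler) decides whether `scp` is renamed; a policy that hard-codes only one of the two names silently fails when that setting changes. If `DescribeClaims` shows no `scp` at all, the problem is upstream in what the custom policy's relying-party technical profile emits, not in the API's scope check.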