Azure AD B2C - Copy "scp" claim values to custom claim "scope"

Dyasani, Ranjeeth (NonEmp) 1 Reputation point
2021-10-07T12:56:32.16+00:00

Hello! We recently upgraded from on prem IDP to B2C. In our existing IDP, scopes requested are being sent back in the access token under the "scope" claim. With Azure B2C the scopes are sent in "scp" claim. In order to keep our changes minimal on the application side, we would like to copy the values of "scp" claim to a custom claim "scope". Is that possible, if so could I please get the documentation or sample to do so. Thank you!

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2021-10-13T09:01:56.357+00:00

    @Dyasani, Ranjeeth (NonEmp) • You can't use claims transformation for this purpose because you can't actually access the actual scp claim in the pipeline, as it might be tampered with and may cause serious security issues.

    The best you can do is use the {OIDC:Scope} claims resolver to capture the scope parameter in the authentication request and pass it as a scope claim in the token.

    Read more: https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

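An added example of the resolver approach described in the answer above; it is not code from the answer or from Microsoft's custom policy starter pack. It assumes the usual custom policy layout (a base/extensions file holding the ClaimsSchema and a relying party file with a technical profile named PolicyProfile); the file names and ids are assumptions.

```xml
<!-- Added example (not from the answer): custom policy fragments that surface
     the scope parameter of the authorization request as a "scope" claim using
     the {OIDC:Scope} claims resolver. File names and ids are assumptions. -->

<!-- 1. TrustFrameworkExtensions.xml: declare the custom claim type. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="scope">
      <DisplayName>Requested scope</DisplayName>
      <DataType>string</DataType>
      <UserHelpText>Space-separated scopes taken from the authorization request.</UserHelpText>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<!-- 2. SignUpOrSignin.xml (relying party file): resolve the request's scope
        parameter into the claim and emit it in the token. B2C still issues
        its own scp claim; this only adds the legacy claim name. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <InputClaims>
      <!-- AlwaysUseDefaultValue makes the resolver run on every request,
           so the claim always reflects the current request's scope value. -->
      <InputClaim ClaimTypeReferenceId="scope"
                  DefaultValue="{OIDC:Scope}"
                  AlwaysUseDefaultValue="true" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="scope" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

The resulting scope claim is whatever the client asked for in its scope parameter, so it is a naming convenience for the application; authorization decisions should still be made on the scp claim, which is the set B2C actually granted.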
