Oid and sub claim are missing from AAD V2 access token

Question

Oid and sub claim are missing from AAD V2 access token

Geethanjali 41 Microsoft Vendor

Answer 1

Shweta Mathur 15,066 Microsoft Employee

Hi @Geethanjali ,

Thanks for reaching out.

I understand that for first party application, you are not able to get oid and sub claim in access token.

As this is first party application and when you are signing in with MSA account, MSA pass through the user and does not add as guest user object in the tenant.
Since there is no object ID of User, so no OID claim returning in the token.

Alternatively, OID and sub claims will be null and not returned in the token, if the user logs in into a tenant where the apps are not provisioned, and its service principal is missing in that tenant.

Hope this will help.

Please remember to "Accept Answer" if answer helped you.
Thanks,
Shweta

Geethanjali 41 Reputation points Microsoft Vendor

2022-04-25T18:39:25.467+00:00

Thank you for your response. I could see that there is no app id and service principal for the same in the dogfood(PPE) environment.
Is there any document/references to raise any request/manually to provision the Service Principal for my 1P appId?
Note: The application which I have created is a child of an existing 1P application which has already provisioned.

Answer 2

Geethanjali 41 Microsoft Vendor

Hi @Shweta Mathur
Thank you for the help. As per the link, I have provisioned the Service Principal for my test application and was able to get the Oid and sub claim in the access token.
Appreciate the help.!!

Shweta Mathur 15,066 Reputation points Microsoft Employee

2022-04-26T07:14:31.34+00:00

Thanks for update. Glad you are able to solve the issue.

Oid and sub claim are missing from AAD V2 access token

1 additional answer

Activity