![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 69%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
25,180 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Geethanjali ,
Thanks for reaching out.
I understand that for first party application, you are not able to get oid and sub claim in access token.
As this is first party application and when you are signing in with MSA account, MSA pass through the user and does not add as guest user object in the tenant.
Since there is no object ID of User, so no OID claim returning in the token.
Alternatively, OID and sub claims will be null and not returned in the token, if the user logs in into a tenant where the apps are not provisioned, and its service principal is missing in that tenant.
Hope this will help.
Please remember to "Accept Answer" if answer helped you.
Thanks,
Shweta