Juan-6975 asked Juan-6975 commented

How to add custom claim to access token based on HTTP query string

I want to know if it's possible to add a custom claim to the access token that Azure AD will provide to the user based on the parameters from the request.

For example, when someone runs this request:

https://login.microsoftonline.com/xxxxx-xxx-xxxxxx-xxxxx/oauth2/v2.0/authorize?
client_id=xxxxx-xxx-xxxxxx-xxxxx
&response_type=code
&redirect_uri=http://localhost:44393
&response_mode=query
&scope=api://xxxxx-xxx-xxxxxx-xxxxx/access_as_user
&state=12345
&myCustomClaim=98765

we will return an access code, and with that access code we will get an access token. Is there a way to grab the query parameter "myCustomClaim=98765" and add it to the returned access token as a claim?

PS: For more context, this is a follow-up to the question https://docs.microsoft.com/en-us/answers/questions/830762/scim-custom-claims.html

azure-ad-authentication

Hi @Juan-6975, have you looked into configuring tokens with custom policies? If so, what was causing you issues? Please let me know and I can help you further.

Best,
James


Juan-6975 replied to JamesHamil-MSFT:

Hi @JamesHamil-MSFT

The link you sent talks about Azure AD B2C, but I don't want to use B2C services, just Azure AD. Maybe the link is incorrect? Or am I missing something?

What I want is to create a custom claim inside an access token based on a piece of information sent by the client inside their HTTP request (when requesting the access_code+access_token). Is that possible?

Does anyone know the answer?

0 Answers