Access token without sensitive claims

Question

Access token without sensitive claims

David H 1

Does anybody know if is possible to remove the preferred_username claim from v2 access token for an app (resource server) with a ClaimsMappingPolicy applied without basic claim set? (no api access granted for the app on Azure AD)

Thank you in advance.

0 comments

1 answer

Your answer

Answer 1

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,551 Moderator

Hello @David H , preferred_username is member of the Restricted claim set and thus cannot be modified using a policy, the data source cannot be changed and no transformation is applied when generating it.

You can avoid getting it if the profile scope is omitted.

Let us know if this answer was helpful to you. If so, please remember to accept it so that others in the community with similar questions can more easily find a solution.

David H 1 Reputation point

2022-05-17T07:09:01.817+00:00

Thank you for the response. However, even omitting the profile scope in the request for the token, the v2 endpoint is still including the preferred_username claim in the response.

The configuration is simple, claim mapping without basic claim set and no additional claims, no scopes added to the app (resource server) in Azure AD, and just the api scope in the request for the token.

What can be wrong?

Best Regards,
David.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,551 Reputation points Moderator

2022-06-02T19:25:45.023+00:00

Hello @David H and apologies for the delay. I will reach out the Azure AD team and will come back to you ASAP.

Share via

Access token without sensitive claims

1 answer

Your answer