How to include application scopes in access token with custom policy?

Kevin Yu 1 Reputation point
2020-02-10T01:06:44.863+00:00

Here's the configuration for Azure AD B2C: create two applications, web and api. Added two scopes, read and write, to the api scope. Configured the web application to the web application. Tested with the built-in user flows, e.g. sign up/sign in. Ran the flow for the web app, got the access token, and the scopes are in the token.

Now create a custom policy that uses multi-tenant Azure AD to authenticate the users. Created a custom sign-up/sign-in policy. Ran the policy and got the access token by specifying the api scopes in the request; however, the returned token does not contain the scope claims. My question is: how do I configure the custom policy so that the api scopes appear in the access token?


1 answer

  1. AmanpreetSingh-MSFT 56,471 Reputation points
    2020-02-10T10:58:12.703+00:00

    @Kevin Yu

    Under the multi-tenant Azure AD technical profile that you have added to your custom policy, update the parameter below to include your scopes:

    <Item Key="scope">openid profile email https://your_tenant.onmicrosoft.com/xxxx/read https://your_tenant.onmicrosoft.com/xxxx/write</Item>

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

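A quick way to confirm whether the access token B2C returned actually carries the API scopes, and what the API itself should enforce before serving a call, as an added Python example that is not part of the question or the answer above. The tenant name, client id and scope names are placeholders, and the sample token is constructed locally rather than issued by B2C.

```python
import base64
import json

# Constructed sample claims (placeholders, not a real token): the shape of an
# Azure AD B2C access token issued for an API that exposes "read" and "write".
SAMPLE_CLAIMS = {
    "iss": "https://your_tenant.b2clogin.com/TENANT-ID-PLACEHOLDER/v2.0/",
    "aud": "API-CLIENT-ID-PLACEHOLDER",
    "scp": "read write",
    "tfp": "B2C_1A_signup_signin",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_unsigned_jwt(claims: dict) -> str:
    """Builds header.payload. with an empty signature, for local testing only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Decodes the payload WITHOUT checking the signature. Use it to inspect a
    token you just received from B2C; an API must validate the signature
    against the policy's JWKS endpoint before trusting any of these claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_scopes(claims: dict) -> set:
    """Azure AD and B2C put delegated scopes in a space-separated 'scp' claim;
    this is the claim that is missing in the question's custom-policy token."""
    return set(claims.get("scp", "").split())


def check_access(claims: dict, required: set, expected_aud: str) -> tuple:
    """What the API should enforce: audience first (a token minted for another
    resource must be rejected), then every required scope. Returns (ok, why)."""
    if claims.get("aud") != expected_aud:
        return False, "token issued for a different audience"
    missing = set(required) - token_scopes(claims)
    if missing:
        return False, "missing scope(s): " + " ".join(sorted(missing))
    return True, "ok"
```

Paste a real token string into `decode_claims` to see whether `scp` is present at all; a token without `scp` is exactly the symptom described in the question.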