How to include application scopes in access token with custom policy?

Kevin Yu 1 Reputation point
2020-02-10T01:06:44.863+00:00

Here's the configuration for the Azure AD B2C: create two applications, web and api. Added two scopes, read and write, to the api scope. Configured the web application to the web application. Tested with the built-in user flows, e.g. sign up/sign in. Ran the flow for the web app and got the access token; the scopes are in the token.

Now create a custom policy that uses multi-tenant Azure AD to authenticate the users. Created a custom sign-up/sign-in policy. Ran the policy and got the access token by specifying the api scopes; however, the returned token does not contain the scope claims. My question is: how do I configure the custom policy so that the api scopes are in the access token?

Azure Active Directory External Identities

1 answer

  1. AmanpreetSingh-MSFT 55,406 Reputation points
    2020-02-10T10:58:12.703+00:00

    @Kevin Yu

    Under the multi-tenant Azure AD technical profile that you have added to your custom policy, update the parameter below to include your scopes:

    <Item Key="scope">openid profile email https://your_tenant.onmicrosoft.com/xxxx/read https://your_tenant.onmicrosoft.com/xxxx/write</Item>

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.
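Whichever technical profile the scopes end up in, the way to confirm the result is to decode the access token B2C returns and compare its `scp` claim (space-separated short scope names, e.g. `read write`, with `aud` set to the API application ID) against what the client asked for. The script below is an added example and is not code from the question, the answer or Microsoft's policy samples. It uses only the standard library and a constructed HS256 sample token with a placeholder application ID; real B2C tokens are RS256-signed, and `decode_claims` deliberately does not verify the signature, so treat it as a debugging aid, not a validation step (validate with the tenant's JWKS before trusting a token in an API).

```python
"""Check which requested scopes an Azure AD B2C access token actually carries.

Added example (not from the original post). Decodes the JWT payload
without signature verification and compares the space-separated `scp`
claim against the requested scopes. Requested scopes may be full URIs
such as https://contoso.onmicrosoft.com/api/read; B2C puts only the
short name ("read") into `scp`.
"""
import base64
import hashlib
import hmac
import json

# OIDC scopes that never appear in `scp`; they control id_token claims instead.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def scope_short_name(scope: str) -> str:
    # "https://tenant.onmicrosoft.com/api/read" -> "read"; "read" -> "read"
    return scope.rstrip("/").rsplit("/", 1)[-1]


def granted_scopes(claims: dict) -> set:
    """Scopes listed in the `scp` claim; empty set if the claim is absent."""
    scp = claims.get("scp", "")
    return set(scp.split()) if isinstance(scp, str) else set()


def missing_scopes(token: str, requested) -> set:
    """Requested API scopes (as short names) that the token does not carry."""
    wanted = {scope_short_name(s) for s in requested} - OIDC_SCOPES
    return wanted - granted_scopes(decode_claims(token))


def audience_matches(token: str, api_app_id: str) -> bool:
    """True if `aud` names the API application (aud may be a string or a list)."""
    aud = decode_claims(token).get("aud")
    return api_app_id in aud if isinstance(aud, list) else aud == api_app_id


def make_sample_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Constructed HS256 token for offline testing only; real B2C tokens are RS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


# Constructed sample data: placeholder application ID and scope URIs, not real identifiers.
API_APP_ID = "11111111-2222-3333-4444-555555555555"
REQUESTED = [
    "openid",
    "https://contoso.onmicrosoft.com/api/read",
    "https://contoso.onmicrosoft.com/api/write",
]
TOKEN_WITH_SCOPES = make_sample_token(
    {"aud": API_APP_ID, "scp": "read write", "tfp": "B2C_1A_signup_signin"}
)
TOKEN_WITHOUT_SCOPES = make_sample_token(
    {"aud": API_APP_ID, "tfp": "B2C_1A_signup_signin"}
)

if __name__ == "__main__":
    for label, tok in (("with scopes", TOKEN_WITH_SCOPES), ("without scopes", TOKEN_WITHOUT_SCOPES)):
        print(label, "-> aud ok:", audience_matches(tok, API_APP_ID),
              "missing:", sorted(missing_scopes(tok, REQUESTED)))
```

Paste a real token in place of the constructed one and call `missing_scopes(token, REQUESTED)`: an empty set means the scopes were issued; if `read` and `write` come back missing while `aud` is still the API application, the policy requested them but did not put them on the token, which is the symptom described in the question.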