How to set up custom claims in Azure AD B2C Application and get the claim in access token

Sateesh Kumar Sharma 21 Reputation points

Hi team,

I have an Azure B2C tenant without a subscription, only for App Registration. I did the App Registration under the B2C tenant using the Graph API.
Now I am using the client_credentials flow to generate an access token, and I successfully got an access token.

Token Endpoint -{b2ctenantid}/oauth2/token
grant_type: client_credentials

Now I am decoding the token with and getting all the default claims. As per the requirement, I need to add one custom claim, e.g. app_name, to be available in the access token claims, because after decoding the token we need to have custom claims to do some operations as per the requirement.

I did try to achieve it using this graph endpoint -{application object id}/extensionProperties
with payload :
"name": "app_name",
"dataType": "String",
"targetObjects": [

I got a success response.

"@odata.context": "$metadata#applications('objectid')/extensionProperties/$entity",
"id": "*****************",
"deletedDateTime": null,
"appDisplayName": "abc",
"dataType": "String",
"isSyncedFromOnPremises": false,
"name": "extension_appID_appName",
"targetObjects": [

But I am not able to get this claim in the token after decoding it.
I tried to call this Graph API to add claims - but it is not succeeding.

Note: In App Registration in the portal I am not able to see the Token configuration blade either, unlike in an Azure AD tenant.

Please help me here to add custom claims in an Azure B2C tenant App Registration using a Graph REST API call. I cannot use Azure CLI commands because my tenant does not have a subscription.

Your help will be much appreciated :)

Sateesh Sharma

Azure Active Directory External Identities

Accepted answer
  1. AmanpreetSingh-MSFT 55,231 Reputation points

    Hi @Sateesh Kumar Sharma • Thank you for reaching out.

    In the B2C directory, to get the custom app role in the token acquired using Client_Credentials flow, you need to update the application manifest as the app roles and token configuration blade are not available in the B2C tenant.

    • First, you need to add the app role in the application manifest, as mentioned below:
      "appRoles": [  
                  "allowedMemberTypes": [  
                  "description": "Test all aspects of the application",  
                  "displayName": "Tester",  
                  "id": "a0e9939a-e77b-4ec3-94b3-a6d2d33bcbde",  
                  "isEnabled": true,  
                  "lang": null,  
                  "origin": "Application",  
                  "value": "test.all"  
    • Once the manifest is updated, go to the Expose an API blade of the application and set the Application ID URI.
    • Then go to API Permissions blade > Add a permission > My APIs > Select the application whose manifest you updated.
    • Select Application permissions > select required permissions > Add permission.
    • Use client credentials flow to acquire the token:


    • Decode the token at and notice the roles claim includes the permission, as shown below:


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
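The steps in the answer above, as an added Python example that is not part of the original answer or Microsoft's code: it builds an `appRoles` entry with the manifest fields shown (usable as the body of a Graph `PATCH` on the application object, which is an assumption here) and checks a decoded token for the resulting `roles` claim. The function names, the `"Application"` member type and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import uuid


def build_app_role(value, display_name, description, role_id=None):
    """Build one appRoles entry with the fields shown in the manifest above."""
    if not value or len(value) > 120 or any(c.isspace() for c in value):
        raise ValueError("role value must be 1-120 characters with no whitespace")
    return {
        # Assumption: "Application" is the member type that lets the role be
        # granted as an application permission (client credentials flow).
        "allowedMemberTypes": ["Application"],
        "description": description,
        "displayName": display_name,
        "id": str(uuid.UUID(role_id)) if role_id else str(uuid.uuid4()),
        "isEnabled": True,
        "value": value,
    }


def decode_claims(token):
    """Decode the JWT payload for inspection only; no signature check is done."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def has_app_role(claims, required):
    """True if the roles claim (a list, or a single string) contains required."""
    roles = claims.get("roles", [])
    return required in ([roles] if isinstance(roles, str) else roles)


def constructed_token(claims):
    """Constructed sample token with a placeholder signature, for offline use."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    role = build_app_role("test.all", "Tester", "Test all aspects of the application",
                          "a0e9939a-e77b-4ec3-94b3-a6d2d33bcbde")
    print(json.dumps({"appRoles": [role]}, indent=2))  # PATCH body for the application
    claims = decode_claims(constructed_token({"roles": ["test.all"]}))
    print("test.all granted:", has_app_role(claims, "test.all"))
```

`decode_claims` is for inspection only: an API that authorizes on `roles` must validate the token's signature, issuer and audience before trusting the claim. When patching, send the full `appRoles` collection, since the property is replaced as a whole.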


1 additional answer

  1. Sateesh Kumar Sharma 21 Reputation points

    Hi @Amanpreet ,

    Thank you for your help.

    Sateesh Sharma
