Azure ADB2C | Custom Attributes

Abhay Chandramouli 1,056 Reputation points
2022-08-01T14:02:15.847+00:00

Hi,

Please help me with the answers to some questions for custom attributes on azure ad b2c

  1. Can we change the name of the attribute? I don't want it to have the extension_<tenantId>_name format.
  2. If the answer to Q1 is no, can we assign this attribute to another field in the token? Say I have extension_tenantId_name and in the token or application claims I want its value to be stored as username?

Accepted answer
  AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-08-01T15:12:51.427+00:00

    Hi @Abhay Chandramouli • Thank you for reaching out. Please find my comments inline:

    1. Can we change the name of the attribute? I don't want it to have the extension_<tenantId>_name format?

    No, all the extension attributes are stored in the standard Azure AD or Azure AD B2C directories in the extension_<app_id_of_b2c_extension_app>_name format, and this format is not customizable.

    2. If the answer to Q1 is no, can we assign this attribute to another field in the token? Say I have extension_tenantId_name and in the token or application claims I want its value to be stored as username?

    Yes, you can use a Custom Policy to pass the custom attribute as a claim with any name within the token. Keep in mind that the claim name must not already be in use and must not be a restricted claim. This option is not yet available in User flows.

    Additional Details:

    Below is how you define a claim in the custom policy:

    ```xml
    <ClaimType Id="extension_gender">
      <DisplayName>Type your gender</DisplayName>
      <DataType>string</DataType>
      <UserInputType>TextBox</UserInputType>
    </ClaimType>
    ```

    This claim will be stored in the directory as:

    `extension_<app_id_of_b2c_extension_app>_gender`

    To pass the claim as gender in the token, you need to add the output claim below in your RP file, e.g. SignupOrSignin.xml or ProfileEdit.xml. The PartnerClaimType parameter specifies the name to be used for the claim in the token sent to the application.

    ```xml
    <OutputClaim ClaimTypeReferenceId="extension_gender" PartnerClaimType="gender" />
    ```

    You can also define the PartnerClaimType when you define the claim, as shown in the first XML snippet of the ClaimsSchema document.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
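Putting the two snippets from the accepted answer in context, here is an added example (not code from the original post) of a relying-party policy file that declares the extension claim with a default partner claim type and emits it as `gender` in the id_token. The policy IDs, tenant name and user journey name are placeholders; the base policy is assumed to already persist `extension_gender` through the AAD technical profiles.

```xml
<!-- Assumed relying-party file, e.g. SignUpOrSignin.xml (placeholders in UPPER CASE) -->
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="YOUR_TENANT.onmicrosoft.com"
                      PolicyId="B2C_1A_signup_signin"
                      PublicPolicyUri="http://YOUR_TENANT.onmicrosoft.com/B2C_1A_signup_signin">
  <BasePolicy>
    <TenantId>YOUR_TENANT.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <BuildingBlocks>
    <ClaimsSchema>
      <!-- Directory attribute is stored as extension_<appId>_gender; the policy
           refers to it only by the short Id. DefaultPartnerClaimTypes is the
           "define PartnerClaimType on the claim" option from the answer. -->
      <ClaimType Id="extension_gender">
        <DisplayName>Type your gender</DisplayName>
        <DataType>string</DataType>
        <DefaultPartnerClaimTypes>
          <Protocol Name="OpenIdConnect" PartnerClaimType="gender" />
        </DefaultPartnerClaimTypes>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>
    </ClaimsSchema>
  </BuildingBlocks>

  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <!-- Standard subject claim; "sub" is a reserved name, so do not reuse it
             for a custom attribute. -->
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
        <!-- Explicit per-RP override: the token carries "gender", never the raw
             extension_<appId>_gender name. Pick a name not already used by
             another output claim in this profile. -->
        <OutputClaim ClaimTypeReferenceId="extension_gender" PartnerClaimType="gender" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

After uploading the policy, run it from the portal and decode the returned id_token to confirm that the claim appears under the chosen name and that no unintended attributes are emitted.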


1 additional answer

  Michael Taylor 60,326 Reputation points
    2022-08-01T14:42:41.52+00:00
    1. The user attribute has a simple name. I think what you're talking about is the claim that is sent as part of the user identity. The claim is normalized to avoid conflicts, as you cannot have multiple different attributes mapping to the same claim; that would cause confusion. So no, you cannot change the claim name.
    2. No, B2C maps user attributes to their formal claim name. If you want to transform claims, then that is a client-side change you need to make. If you're using something like ASP.NET, then it provides a claims transformation interface that server apps can hook into to modify claims when the user is authenticated. It is at this point where you could create pseudo-claims based upon the actual claims in the user token. However, other client apps would need to do the same thing.

    Alternatively, you could wrap B2C with your own authentication service. Your service could call B2C to do the authentication and then transform the returned token into a new token with whatever values you want. This is the preferred approach if you have some data in B2C and some data in your local DB. This is actually pretty common, and you can google for samples of how to do it. But it requires a lot more work.

    Another option that might work is using claim resolvers, or at least the infrastructure they use. I haven't done that myself, so I cannot tell you what is involved or whether it would even work.
