Add app extension attribute in user flow JWT Azure AD B2C

Time:06-22

I am working in Azure AD B2C to add custom extensions per application. These extensions must be returned in the JWT when the login is requested by the application.

So I create the extension on the app using the Graph API:

POST https://graph.microsoft.com/v1.0/applications/{{appid}}/extensionProperties
{
    "name": "name",
    "dataType": "String",
    "targetObjects": [
        "User"
    ]
}

Then I associate a value for a specific user:

PATCH https://graph.microsoft.com/v1.0/users/{{userid}}
{
    "extension_{{appid(without dashes)}}_name": "1234"
}

Now I go to the app manifest to add the optional claim:

"optionalClaims": {
        "idToken": [
            {
                "name": "extension_{{appid(without dashes)}}_name",
                "source": "user",
                "essential": true,
                "additionalProperties": []
            }
        ],
        "accessToken": [
            {
                "name": "extension_{{appid(without dashes)}}_name",
                "source": "user",
                "essential": true,
                "additionalProperties": []
            }
        ],
        "saml2Token": []
    },

I save, but the claim never appears in the JWT.

I also tried the answer from this post, but that didn't work either.

CodePudding user response:

The problem is you’ve used Optional claims setup, which works for AAD but not AAD B2C.

Follow this: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-user-flow

If you want to select your custom attribute through the Azure Portal - AAD B2C - User Attributes blade, and the attribute was created via Graph API, you have to recreate it in the Portal for it to reconcile.

You would also need to target the b2c-extensions-app AppId when defining the attribute with Graph API.
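The procedure this answer points at, scripted against Microsoft Graph, as an added example that is not code from the thread. It locates the tenant's auto-created b2c-extensions-app (its object id goes in the extensionProperties URL, its appId in the attribute name), builds the `extension_<appId without dashes>_<name>` property name, sets a value on a user, and decodes the resulting token payload to check that the claim was emitted. The environment variables `GRAPH_TOKEN` and `USER_ID`, the attribute name `loyaltyNumber`, the sample app id and the sample token are all assumptions for illustration; the Graph calls in `main` need network access and an app-only token with `Application.ReadWrite.All` and `User.ReadWrite.All`, while the helper functions are pure and run offline.

```python
"""Azure AD B2C custom attribute via Graph, then check the claim in a token.

Added example, not from the original post.  Placeholders (assumptions):
GRAPH_TOKEN / USER_ID environment variables, attribute name 'loyaltyNumber',
SAMPLE_APP_ID and SAMPLE_TOKEN (a constructed, unsigned token for offline use).
"""
import base64
import json
import os
import urllib.parse
import urllib.request
from typing import Optional

GRAPH = "https://graph.microsoft.com/v1.0"
ATTRIBUTE = "loyaltyNumber"                        # assumed attribute name
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"  # constructed, not real


def build_claim_name(app_id: str, attribute: str) -> str:
    """Graph stores a directory extension as 'extension_<appId without dashes>_<name>'.
    For B2C user flows app_id must be the b2c-extensions-app's appId, not the
    relying-party application that requests the token."""
    return f"extension_{app_id.replace('-', '')}_{attribute}"


def extension_property_body(attribute: str, data_type: str = "String") -> dict:
    """Body for POST /applications/{objectId}/extensionProperties."""
    return {"name": attribute, "dataType": data_type, "targetObjects": ["User"]}


def user_patch_body(app_id: str, attribute: str, value: str) -> dict:
    """Body for PATCH /users/{id}: the fully qualified extension name is the key."""
    return {build_claim_name(app_id, attribute): value}


def _graph(token: str, method: str, path: str, body: Optional[dict] = None) -> dict:
    """Minimal Graph call with urllib (network; only used from main())."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        GRAPH + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()                      # PATCH /users returns 204, no body
    return json.loads(raw) if raw else {}


def find_extensions_app(token: str) -> dict:
    """Find the auto-created b2c-extensions-app by display-name prefix.
    Returns 'id' (object id for the extensionProperties URL) and 'appId'
    (used in the attribute/claim name)."""
    flt = urllib.parse.quote("startswith(displayName,'b2c-extensions-app')")
    page = _graph(token, "GET", f"/applications?$filter={flt}&$select=id,appId,displayName")
    apps = page.get("value", [])
    if len(apps) != 1:
        raise RuntimeError(f"expected exactly one b2c-extensions-app, found {len(apps)}")
    return apps[0]


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature: fine for inspecting
    what the user flow emitted, never for an authorisation decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def find_extension_claim(payload: dict, app_id: str, attribute: str) -> Optional[str]:
    """Return the custom-attribute value from a decoded token, or None.
    Checks the short 'extension_<name>' form that user-flow tokens emit as
    well as the full Graph property name, so it works for either."""
    for key in (f"extension_{attribute}", build_claim_name(app_id, attribute)):
        if key in payload:
            return payload[key]
    return None


def _sample_token(claims: dict) -> str:
    """Constructed unsigned token (alg=none, empty signature) for offline tests."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


SAMPLE_TOKEN = _sample_token({  # constructed payload, not a real B2C token
    "iss": "https://contoso.b2clogin.com/tenant-id/v2.0/",
    "sub": "user-object-id",
    f"extension_{ATTRIBUTE}": "1234",
})


if __name__ == "__main__":
    token, user_id = os.environ["GRAPH_TOKEN"], os.environ["USER_ID"]
    ext_app = find_extensions_app(token)
    _graph(token, "POST", f"/applications/{ext_app['id']}/extensionProperties",
           extension_property_body(ATTRIBUTE))
    _graph(token, "PATCH", f"/users/{user_id}",
           user_patch_body(ext_app["appId"], ATTRIBUTE, "1234"))
    print("set", build_claim_name(ext_app["appId"], ATTRIBUTE), "on", user_id)
```

After the script has run, the attribute still has to be selected under the user flow's User attributes and Application claims in the portal before the token carries it; once a real ID token comes back, pass it to `decode_jwt_payload` and `find_extension_claim` to confirm. The decoder deliberately skips signature validation, so use it only to inspect claims, not to trust them.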

CodePudding user response:

I tried to reproduce the same in my environment and got the claims successfully.

As Jas Suri - MSFT commented, this will only work if you are adding optional claims to Azure AD application.

I created the extension attribute via Graph API like below:

[screenshot: Graph API request creating the extension property]

I associated the above extension attribute to a specific user like below:

[screenshot: Graph API PATCH on the user]

Please check whether that extension attribute is visible in the optional claims UI or not and add it like below:

[screenshot: optional claims UI]

When you check the manifest, it will be added automatically like below:

[screenshot: app manifest optionalClaims]

I generated the JWT token using auth-code flow via Postman like below:

[screenshot: Postman auth-code flow]

After decoding the JWT token (ID token), I got the claims successfully like below:

[screenshot: decoded ID token]
