Shane Courtrille

Reputation: 14097

No given name or surname claim when using Azure Active Directory OAuth

We are authenticating our MVC application using Azure Active Directory but the only information we get back in our ClaimsPrincipal is the Name and Group Memberships.

We need access to the user's given name and last name as well. Any pointers on how we can resolve this?

Upvotes: 5

Views: 6555

Answers (1)

Thomas

Reputation: 29491

OpenID Connect introduces an id_token (this is a JWT).

Looking at the documentation, the id_token contains some claims that could match:

  • given_name: Provides the first or "given" name of the user, as set on the Azure AD user object.
  • family_name: Provides the last name, surname, or family name of the user as defined in the Azure AD user object.
  • unique_name: Provides a human readable value that identifies the subject of the token. This value is not guaranteed to be unique within a tenant and is designed to be used only for display purposes.

So in your controller you can access these claims like this:

using System.Linq;
using System.Security.Claims;
...
var identity = (ClaimsIdentity)User.Identity;

// The JWT handler maps the inbound family_name / given_name claims to the
// WS-Federation claim-type URIs (ClaimTypes.Surname / ClaimTypes.GivenName).
// FindFirst returns null instead of throwing when the claim is absent.
var lastName = identity.FindFirst(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname")?.Value;
var firstName = identity.FindFirst(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname")?.Value;

// "name" is not remapped, so it is looked up by its bare JWT claim name.
var displayName = identity.FindFirst("name")?.Value;

These claims correspond to the First Name, Last Name and Display Name in your Azure AD:

[Image: Azure AD Basic User Information]

Upvotes: 3
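As an added example (not part of the original post or Azure AD's own code): a Python script that builds a constructed id_token carrying the claims listed in the answer above, validates it the way a relying party must before trusting any claim in it (signature, issuer, audience, nbf/exp window, and a pinned alg so the token cannot pick "none"), and then renames the JWT claim names to the WS-Federation claim-type URIs that the answer's C# code looks up. Assumptions, labelled in the code: the token is HS256-signed with a local secret so the example runs offline, whereas a real Azure AD id_token is RS256-signed with tenant keys published at the OpenID discovery endpoint; the issuer, audience, object ID and user values are constructed. The renaming table reproduces the default inbound claim map of System.IdentityModel.Tokens.Jwt, which is why the answer looks up surname and givenname by URI but name by its bare JWT name.

```python
"""Validate a constructed Azure AD-style id_token and extract the name claims.
Added example, not code from the original post or from Azure AD."""
import base64
import hashlib
import hmac
import json
import time

# Constructed values. Real Azure AD id_tokens are RS256-signed with keys from the
# tenant's OpenID discovery document; HS256 with a local secret is used here
# only so the example runs offline. The validation steps are the same.
SECRET = b"constructed-test-secret"
ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
AUDIENCE = "constructed-client-id"

# Default inbound renaming applied by System.IdentityModel.Tokens.Jwt.
# Note that "name" (and "oid") are not in this map and keep their JWT names.
INBOUND_CLAIM_MAP = {
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "unique_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a constructed HS256 id_token (test helper, stands in for the IdP)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def validate_id_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Verify alg, signature, issuer, audience and time window, then return the
    claims. Raises ValueError on any failure so callers never see unverified claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_unb64url(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token not yet valid or expired")
    return claims


def to_dotnet_claims(claims: dict) -> dict:
    """Rename JWT claims the way the .NET JWT handler does by default."""
    return {INBOUND_CLAIM_MAP.get(k, k): v for k, v in claims.items()}


def user_names(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Validated claims, keyed the way the answer's controller code reads them."""
    c = to_dotnet_claims(validate_id_token(token, secret, now))
    return {
        "first_name": c.get(INBOUND_CLAIM_MAP["given_name"]),
        "last_name": c.get(INBOUND_CLAIM_MAP["family_name"]),
        "display_name": c.get("name"),
        # unique_name is display-only; oid is the stable per-tenant identifier.
        "login_hint": c.get(INBOUND_CLAIM_MAP["unique_name"]),
        "object_id": c.get("oid"),
    }


# Constructed sample token with the claims discussed in the answer.
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": AUDIENCE, "nbf": 1_700_000_000, "exp": 1_700_003_600,
    "oid": "11111111-2222-3333-4444-555555555555",
    "given_name": "Alice", "family_name": "Example", "name": "Alice Example",
    "unique_name": "alice@example.com", "upn": "alice@example.com",
}
SAMPLE_TOKEN = mint_id_token(SAMPLE_CLAIMS)

if __name__ == "__main__":
    print(user_names(SAMPLE_TOKEN, now=1_700_000_100))
```

Two practical points the script encodes: key the user record on oid (or sub), not on unique_name or the display name, since the documentation quoted above says unique_name is not guaranteed unique and the names change when an admin edits the user; and the short claim names here are those of the Azure AD v1 endpoint, so a v2.0 token will carry preferred_username instead of unique_name and no surname URI will appear unless the handler's inbound map is still applied.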
