Reputation: 1
Is there a way to add custom claims to a JWT (access token) other than adding the optional claims?
Our situation is that we receive requests from external clients with access tokens signed by a trusted party. We need to validate the token and then add some additional claims before routing the request to the protected API. The values of the additional claims need to be fetched from an external API, so there is no way to use the provided "optional claims" in the Token configuration settings.
Does anyone know if this is possible with Azure AD? We have been able to do this using IdentityServer which of course is very flexible. But it would be great to simplify our architecture/design by only having Azure AD as our IDP/STS.
Upvotes: 0
Views: 1859
Reputation: 16438
You can customize claims emitted in tokens for a specific app in a tenant. (This is using a PowerShell cmdlet.)
Here is another way using Microsoft Graph:
Create an extensionProperty.
Update the extension property for a user.
Create a claimsMappingPolicy.
Assign the claimsMappingPolicy to a servicePrincipal. The servicePrincipal here is the enterprise application which represents your AAD protected API.
In the manifest file of the API app registration, set acceptMappedClaims to true and accessTokenAcceptedVersion to 2.
After that you can get the custom claim in the JWT token.
For details, see my previous answer.
Upvotes: 1