Reputation: 3271
I know how to configure custom claims https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-tokens?pivots=b2c-custom-policy
The problem is that the same claims are included in both the access token and the ID token.
I want to include the "displayName" claim in the ID token but not in the access token, but I don't see a way to differentiate the two.
Upvotes: 0
Views: 1150
Reputation: 11315
It's currently not possible to have a different claim set in the access token vs the ID token.
Upvotes: 4
Reputation: 5159
• You can edit the claims in the ID token and the access token in the implicit flow only, while the same is not possible for the authorization code flow with PKCE, since the tokens in the auth code flow with PKCE are set on the client side, due to which they need to be flushed out first. Also, you can configure the relying party claims to be issued in the ID token and the access token in the custom policies for that application registered in B2C.
• Also, the relying party claims that are configured in the input claims and output claims section of the technical profile of the custom policy form the relying party definition, which determines the ID token and the access token respectively. Both tokens return with the same set of claims. You can configure the claims to be issued in the JWT token in the RP section for the implicit flow as below:
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="givenName" />
      <OutputClaim ClaimTypeReferenceId="surname" />
      <OutputClaim ClaimTypeReferenceId="email" />
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="identityProvider" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>

{
  ...
  "sub": "6fbbd70d-262b-4b50-804c-257ae1706ef2",
  ...
}
Thus, through the token technical profile that you define for each of the ID and access tokens in the implicit flow, the claims can be passed and used accordingly.
Please find the links below for more information:
Upvotes: 0
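A check a practitioner can run to confirm what the two answers state: decode both tokens returned by B2C and diff their claim names, so any identity claim meant only for the ID token that also lands in the access token is visible. This is an added example, not code from the question or the answers; the two tokens are constructed inline, and the displayName claim is assumed to surface under the standard `name` JWT claim (a policy can map it to another name via PartnerClaimType, as the objectId-to-sub mapping above does).

```python
import base64
import json

# Constructed sample tokens for this example (not real B2C tokens). The signature
# segment is a placeholder: the check below only inspects claim names and does
# NOT verify signatures, so run it on tokens you have already obtained and trust.
def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _make_token(payload: dict) -> str:
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    return f"{_b64url(header)}.{_b64url(payload)}.placeholder-signature"

# Both tokens carry the same RP OutputClaims (displayName assumed to be emitted
# as "name", plus given_name, family_name, emails, sub, idp); only the audience
# and protocol-level claims (nonce vs scp) differ between them.
_RP_CLAIMS = {
    "sub": "6fbbd70d-262b-4b50-804c-257ae1706ef2",
    "name": "Jane Example", "given_name": "Jane", "family_name": "Example",
    "emails": ["jane@example.com"], "idp": "local",
}
SAMPLE_ID_TOKEN = _make_token({**_RP_CLAIMS, "aud": "client-app-id", "nonce": "abc123"})
SAMPLE_ACCESS_TOKEN = _make_token({**_RP_CLAIMS, "aud": "api-app-id", "scp": "read"})

def decode_claims(token: str) -> dict:
    """Return a JWT's payload claims without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def compare_claim_sets(id_token: str, access_token: str) -> dict:
    """Partition claim names into ID-only, access-only and shared."""
    id_claims = set(decode_claims(id_token))
    access_claims = set(decode_claims(access_token))
    return {
        "id_only": sorted(id_claims - access_claims),
        "access_only": sorted(access_claims - id_claims),
        "shared": sorted(id_claims & access_claims),
    }

def identity_claims_in_access_token(id_token: str, access_token: str, id_only: list) -> list:
    """Claims you intended for the ID token only that the access token also carries."""
    shared = compare_claim_sets(id_token, access_token)["shared"]
    return [c for c in id_only if c in shared]
```

With the constructed tokens, `identity_claims_in_access_token(..., ["name", "emails"])` reports both claims as present in the access token, which is the situation the question describes.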