CODEWITHSUNDEEP
spring-bootazureazure-active-directory
rob2universe
rob2universe

Reputation: 7618

How to inlcude more attributes in OAuth2User retruned from Azure Active Directory (AAD) using Spring Boot Starter oAuth2 Client

I am using spring-boot-starter-oauth2-client, spring-cloud-azure-starter-active-directory (spring-cloud-azure-dependencies 4.0.0) to add oauth2 authentication against Azure Active Directory to a trivial Spring Boot app. All is working fine.

I noticed that the OAuth2User principal I get from the Spring Security authentication does not contain e.g. all attributes visible in AAD for the identity. Is there a way of requesting more information (e.g. separate attributes for first and last name) to be included in the response (no separate call)?

https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/spring-boot-starter-for-azure-active-directory-developer-guide looked promising but did not help me.

Upvotes: 1

Views: 761

Answers (1)

kavya Saraboju
kavya Saraboju

Reputation: 10839

You can try by selecting optional claims in token configuration ,where you can select the required tokens you want to reflect in the token.

  • As per the documentation the optional claim given_name and family_name requires profile scope in your token request.

enter image description here

You can update optional claims given_name which is first name and family_name ( last name ) in manifest.json file:

"accessTokenAcceptedVersion": 2,
"optionalClaims": {
    "idToken": [
        {
            "name": "given_name",
            "source": "user",
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "family_name",
            "source": "user",
            "essential": false,
            "additionalProperties": []
        }
    ],
    "accessToken": [],
    "saml2Token": []
}

If it is for Microsoft graph api , you can check mark the same for accesstoken.

Also try by adding email and openid scopes and grant api permissions for them.

Reference :c# - How to add 'Optional Claims' dynamically for AzureAD registered application? - Stack Overflow

Upvotes: 1

Related Questions