How to add additional claims to ID Token - Azure G

Posted 2019-08-17 07:08

I'm trying to overload the OAuth ID Token by adding additional claims. I can already use the Graph API to get the claims that I need but I would like to understand if it's possible to add the additional claims directly into the ID Token? I've updated the manifest by adding the required claims in and then flipping "acceptMappedClaims" to true, however I still don't see these in the ID token. What am I missing?

"optionalClaims": {
    "idToken": [
      {
        "name": "employeeid",
        "source": "user",
        "essential": true,
        "additionalProperties": []
      },
      {
        "name": "mail",
        "source": "user",
        "essential": true,
        "additionalProperties": []
      }
    ],
    "accessToken": [],
    "saml2Token": []
  },
  "acceptMappedClaims": true,
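A practical way to check whether the requested optional claims actually made it into the ID token is to decode the token's payload segment and compare it against the manifest's `optionalClaims.idToken` list. The following Python is an added example, not code from the question or from Azure AD: the manifest dictionary mirrors the fragment above, the ID token is a constructed, unsigned sample (the `alg: none` helper exists only so the example runs offline), and the issuer, audience and e-mail values are placeholders. The decoder deliberately skips signature verification because it is an inspection aid; anything that acts on the claims must validate signature, issuer, audience and expiry first.

```python
import base64
import json

# Manifest fragment from the question: the optional claims requested for the ID token.
MANIFEST_OPTIONAL_CLAIMS = {
    "optionalClaims": {
        "idToken": [
            {"name": "employeeid", "source": "user", "essential": True, "additionalProperties": []},
            {"name": "mail", "source": "user", "essential": True, "additionalProperties": []},
        ],
        "accessToken": [],
        "saml2Token": [],
    },
    "acceptMappedClaims": True,
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as used in compact JWT serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the claims in the payload WITHOUT verifying the signature.

    Inspection only: this tells you what the token carries, not whether it is
    authentic. Trusting these claims requires full validation (signature,
    issuer, audience, expiry) by your OIDC library.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def requested_id_token_claims(manifest: dict) -> list:
    """Names of the optional claims the manifest asks to have in the ID token."""
    return [c["name"] for c in manifest.get("optionalClaims", {}).get("idToken", [])]


def missing_optional_claims(manifest: dict, id_token: str) -> dict:
    """Split the manifest's requested ID-token claims into present and missing."""
    claims = decode_jwt_payload(id_token)
    requested = requested_id_token_claims(manifest)
    return {
        "present": [name for name in requested if name in claims],
        "missing": [name for name in requested if name not in claims],
    }


def make_unsigned_sample_token(payload: dict) -> str:
    """Build a constructed, unsigned ("alg": "none") JWT for offline demonstration only.

    A real validator must reject "alg": "none"; this helper exists solely so the
    example has a token to inspect without contacting Azure AD.
    """
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        "",  # empty signature segment
    ])


# Constructed sample payload: placeholder tenant/audience, one requested claim present.
SAMPLE_PAYLOAD = {
    "iss": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0",
    "aud": "APP-ID-PLACEHOLDER",
    "sub": "sample-subject",
    "preferred_username": "alice@example.com",
    "mail": "alice@example.com",
}


if __name__ == "__main__":
    sample_token = make_unsigned_sample_token(SAMPLE_PAYLOAD)
    print(missing_optional_claims(MANIFEST_OPTIONAL_CLAIMS, sample_token))
```

Run the report against a token captured from your own sign-in (for example by pasting it into `decode_jwt_payload`) to see which manifest entries the token service honoured; a claim listed under "missing" is the one to investigate on the Azure AD side rather than in the application.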

2 answers
Explosion°爆炸
#2 · 2019-08-17 07:24

If you are trying to add additional claims into your AD token, you would need Azure AD premium and you can add the values as attributes. See Claim augmentation with Azure AD authentication

If you just need the claims in one particular application, you can add the claims in the app itself. See Azure AD PostAuthentication add claims

Viruses.
#3 · 2019-08-17 07:27

This depends on where the ID token is generated from. If it's on-premises AD and federated identity is used take a look at Customizing the OIDC id_token in ADFS 2016.

If it's just a cloud identity I'd take a look at the second link jwmiller5 posted or this one: how-to-set-claims-from-asp-net-openid-connect-owin-components.

Hope this helps, Bernie
