AppModelv2-WebApp-OpenIDConnect-DotNet
Claim Mapping
Connecting to Azure AD I get a name claim type back not a http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim type. The User.Identity.Name is then null. I realize that the example is meant to be kept simple but was wondering if this is intentional?
The Azure AD v1.0 endpoint used to emit long claim types (names), whereas the v2.0 endpoint tries to produce shorter tokens, hence the short claim names.
See https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens for the v1.0 claims
If you want to get the old claims, you can use
JwtSecurityTokenHandler.DefaultMapInboundClaims = true;
See https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/6c04ec4da9a56db1b53d1ec657113e3eb6abb32a/5-WebApp-AuthZ/5-1-Roles/Startup.cs#L43-L47
That's good to know. The short names are much more readable. I can see why they switched it.
Hi,
One question about claims. If I want to get optional claims like "verified_primary_email" or "verified_secondary_email" already exposed in my Azure registered app, how do I get them as part of the id token? Is there a way to get those directly without doing extra calls with the Graph API?
Thank you for your insight.
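The following is an added example written for this page; it is not code from the thread, from the AppModelv2-WebApp-OpenIDConnect-DotNet sample, or from the linked ASP.NET Core sample. It reproduces the first question's symptom (User.Identity.Name is null when the token carries the short "name" claim type) with a locally constructed v2.0-style token, and shows both the fix given in the answer (legacy inbound claim mapping, which renames "name" to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) and the alternative of leaving claim types short and pointing TokenValidationParameters.NameClaimType at "name". It also includes a lookup helper for an optional claim such as verified_primary_email from the second question, which the thread does not answer; the helper only shows how to read such a claim safely whichever mapping mode is in effect and assumes the claim has already been requested for the ID token in the app registration. The issuer, audience, HMAC key and claim values are placeholders made up for the demo; a real Azure AD token is RS256-signed and validated against the keys in the OIDC metadata document, which the OpenID Connect middleware does for you.

```csharp
// Added example, not code from this thread or from the Azure sample it discusses.
// Requires the System.IdentityModel.Tokens.Jwt package; runs as a console app.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class ClaimMappingDemo
{
    // Placeholder issuer and client id for the demo token; not real values.
    const string Issuer = "https://login.microsoftonline.com/{tenant-id}/v2.0";
    const string Audience = "00000000-0000-0000-0000-000000000000";

    // Throwaway symmetric key so the demo can sign and validate offline.
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("demo-only-hmac-key-not-for-production!!"));

    // Build a payload shaped like a v2.0 ID token: short claim names, no WS-Fed URIs.
    // The claim values are made up.
    static string CreateV2StyleToken()
    {
        var handler = new JwtSecurityTokenHandler();
        var token = handler.CreateJwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            subject: new ClaimsIdentity(new[]
            {
                new Claim("name", "Alice Example"),
                new Claim("preferred_username", "alice@example.com"),
                new Claim("roles", "Reader"),
            }),
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return handler.WriteToken(token);
    }

    // Validate with the mapping behaviour chosen per call. In a web app the same
    // knobs are JwtSecurityTokenHandler.DefaultMapInboundClaims (process-wide; set it
    // before any handler is constructed) and TokenValidationParameters.NameClaimType
    // on the OpenID Connect options.
    static ClaimsPrincipal Validate(string jwt, bool mapInboundClaims, string nameClaimType)
    {
        var handler = new JwtSecurityTokenHandler { MapInboundClaims = mapInboundClaims };
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = Key,
            NameClaimType = nameClaimType,
            // "roles" is also renamed by the legacy map, so RoleClaimType must follow suit.
            RoleClaimType = mapInboundClaims ? ClaimTypes.Role : "roles",
        };
        return handler.ValidateToken(jwt, parameters, out _);
    }

    // Look a claim up by its short JWT name whether or not inbound mapping renamed it.
    // Returns null when absent, which is what an optional claim such as
    // verified_primary_email yields unless the app registration requests it for the
    // ID token and the account actually has a verified email.
    static string? FindClaim(ClaimsPrincipal principal, string shortName)
    {
        var mapped = JwtSecurityTokenHandler.DefaultInboundClaimTypeMap
            .TryGetValue(shortName, out var longName) ? longName : shortName;
        return principal.FindFirst(shortName)?.Value ?? principal.FindFirst(mapped)?.Value;
    }

    static void Main()
    {
        var jwt = CreateV2StyleToken();

        // 1. Symptom: no mapping and the default NameClaimType (the WS-Fed URI) -> null.
        var p1 = Validate(jwt, mapInboundClaims: false, nameClaimType: ClaimTypes.Name);
        Console.WriteLine($"no mapping, default NameClaimType : {p1.Identity?.Name ?? "<null>"}");

        // 2. Fix from the answer above: legacy mapping renames "name" to the long URI.
        var p2 = Validate(jwt, mapInboundClaims: true, nameClaimType: ClaimTypes.Name);
        Console.WriteLine($"legacy mapping                     : {p2.Identity?.Name}");
        Console.WriteLine("  claim types now: " + string.Join(", ", p2.Claims.Select(c => c.Type)));

        // 3. Alternative: keep the short v2.0 claim types, tell the identity which one is the name.
        var p3 = Validate(jwt, mapInboundClaims: false, nameClaimType: "name");
        Console.WriteLine($"short claims, NameClaimType=name   : {p3.Identity?.Name}, " +
                          $"in role Reader: {p3.IsInRole("Reader")}");

        // Optional claim lookup behaves the same under either setting; absent here.
        Console.WriteLine($"verified_primary_email: {FindClaim(p3, "verified_primary_email") ?? "<not in token>"}");
    }
}
```

Two caveats when carrying this into the sample: DefaultMapInboundClaims is a static read when a JwtSecurityTokenHandler is constructed, so it must be set before authentication is configured (the linked Startup.cs places it ahead of the OpenID Connect setup for that reason), and whichever mode you choose, NameClaimType and RoleClaimType must match the claim types as they look after mapping, otherwise User.Identity.Name and IsInRole silently return null and false rather than failing.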