
Claim Mapping

Open lehne opened this issue 3 years ago • 3 comments

Connecting to Azure AD, I get a "name" claim type back, not a http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim type. The User.Identity.Name is then null. I realize that the example is meant to be kept simple, but was wondering if this is intentional?

lehne, Dec 03 '20 18:12

The Azure AD v1.0 endpoint used to emit long claim types (names), whereas the v2.0 endpoint tries to produce shorter tokens, hence the short claim names.

See https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens for the v1.0 claims

If you want to get the old claims, you can use

JwtSecurityTokenHandler.DefaultMapInboundClaims = true;

See https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/6c04ec4da9a56db1b53d1ec657113e3eb6abb32a/5-WebApp-AuthZ/5-1-Roles/Startup.cs#L43-L47

jmprieur, Dec 03 '20 19:12
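The effect of the DefaultMapInboundClaims switch described above, as an added C# example that is not part of this thread or of the sample repository. It validates a locally signed token (constructed HS256 key, issuer and audience; the real sample validates Azure AD's RS256 tokens via OpenID Connect metadata) so the claim types can be inspected offline. The second case, keeping the short claim types and pointing TokenValidationParameters.NameClaimType at "name", is an alternative the thread does not mention; it uses the standard Microsoft.IdentityModel API and is included for comparison.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Requires the System.IdentityModel.Tokens.Jwt NuGet package.
// Shows why User.Identity.Name is null with a v2.0-style "name" claim and
// two ways to make it resolve: map inbound claims to the long URIs, or
// keep the short names and tell the handler which claim is the name.
static class ClaimMappingDemo
{
    // Constructed demo key and issuer/audience values; not real tenant data.
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse-anywhere"));
    const string Issuer = "https://login.microsoftonline.com/constructed-tenant/v2.0";
    const string Audience = "constructed-client-id";

    // Builds a token carrying the short claim types the v2.0 endpoint emits.
    static string CreateV2StyleToken()
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = Audience,
            Subject = new ClaimsIdentity(new[]
            {
                new Claim("name", "Alice Example"),              // short v2.0 claim type
                new Claim("preferred_username", "alice@example.test"),
                new Claim("email", "alice@example.test"),
            }),
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256),
        };
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // A new handler copies JwtSecurityTokenHandler.DefaultMapInboundClaims into
    // its MapInboundClaims property, so the static must be set before the handler
    // (or the OpenID Connect middleware that creates one) is constructed.
    static ClaimsPrincipal Validate(string token, bool mapInboundClaims, string nameClaimType)
    {
        JwtSecurityTokenHandler.DefaultMapInboundClaims = mapInboundClaims;
        var handler = new JwtSecurityTokenHandler();
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = Key,
            NameClaimType = nameClaimType, // which claim backs ClaimsIdentity.Name
        };
        return handler.ValidateToken(token, parameters, out _);
    }

    static void Report(string label, ClaimsPrincipal principal)
    {
        Console.WriteLine($"--- {label}");
        Console.WriteLine($"Identity.Name = {principal.Identity?.Name ?? "<null>"}");
        foreach (var claim in principal.Claims)
            Console.WriteLine($"  {claim.Type} = {claim.Value}");
    }

    static void Main()
    {
        string token = CreateV2StyleToken();

        // Case 1: short claims kept as-is, default NameClaimType (the long
        // http://schemas.xmlsoap.org/.../claims/name URI). No such claim exists,
        // so Identity.Name is null: the situation reported in the issue.
        Report("mapping off, default NameClaimType",
               Validate(token, mapInboundClaims: false, nameClaimType: ClaimTypes.Name));

        // Case 2: DefaultMapInboundClaims = true, as suggested in the thread. Every
        // inbound claim type in the handler's built-in map (e.g. "email") is rewritten
        // to its long URI, so code written for v1.0-style claims keeps working.
        Report("mapping on (DefaultMapInboundClaims = true)",
               Validate(token, mapInboundClaims: true, nameClaimType: ClaimTypes.Name));

        // Case 3: keep the short claims and point NameClaimType at "name". Identity.Name
        // resolves against the short claim and the token's types stay readable.
        Report("mapping off, NameClaimType = \"name\"",
               Validate(token, mapInboundClaims: false, nameClaimType: "name"));
    }
}
```

Whichever option is chosen, the important property is that Identity.Name is derived from a validated claim: the handler only produces a ClaimsPrincipal after the signature, issuer, audience and lifetime checks in TokenValidationParameters have passed, so the fix belongs in the token validation configuration, not in code that reads the raw token.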

That's good to know. The short names are much more readable. I can see why they switched it.

lehne, Dec 03 '20 20:12

Hi,

One question about claims. If I want to get optional claims like "verified_primary_email" or "verified_secondary_email" already exposed in my Azure registered app, how do I get them as part of the id token? Is there a way to get those directly without doing extra calls with the Graph API?

Thank you for your insight.

ErcNovelT, Jul 23 '21 15:07