Using an external IDP in azure B2C. Is it possible to add a custom claim to the JWT without using custom policies?
In my IDP I have this code in the /connect/token endpoint:

    // Replace the standard given_name claim with the value of our own "SSN" claim
    identity.RemoveClaims(Claims.GivenName);
    identity.AddClaim(Claims.GivenName, identity.Claims.First(x => x.Type == "SSN").Value);

This works as expected and the "given name" is set to the SSN.

This however does not work:

    // Attempt to emit the SSN as a B2C extension attribute claim
    identity.AddClaim("extension_9322349238409238_SSN", identity.Claims.First(x => x.Type == "SSN").Value);
If I use an API connector I can indeed enrich the token with the claim, but I need to do it before that, when I actually have access to the SSN.
Is this possible without a custom policy? The documentation is not 100% clear about this.
Note: I do not want to collect the claim using user input which could be achieved using user attributes.
If you need it added automatically you can leverage API Connectors.
'After federating with an identity provider during sign-up' or 'Before creating the user' should fulfil your needs.
There is a third option, 'Before sending the token' but it is still in preview. It may be suitable if you don't want to persist the SSN against the user object.
Note, you will have to have your own API to return the value you want populated.
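As an added illustration of what such an API would return (example code, not from the question or the answer above): the handler below takes the JSON body B2C posts to an API connector, looks up the federated identity it reports in a constructed user store, and replies with the `extension_*` attribute name from the question so that B2C persists it and emits it as a claim. The issuer, issuerAssignedId and SSN values are constructed; the response shape (`version`, `action`, extension keys) follows the documented API connector contract.

```python
import json

# Extension attribute name taken from the question; the middle segment is the
# b2c-extensions-app application (client) ID with the dashes removed.
SSN_CLAIM = "extension_9322349238409238_SSN"

# Constructed stand-in for the IDP's user store, keyed by the federated identity
# exactly as B2C reports it in the request's "identities" array.
SSN_BY_FEDERATED_ID = {
    ("login.example-idp.test", "user-0001"): "19800101-1234",
}

# Constructed sample of the body B2C sends for the
# 'After federating with an identity provider during sign-up' event.
SAMPLE_REQUEST = json.loads("""{
  "email": "jane@example.test",
  "identities": [{"signInType": "federated",
                  "issuer": "login.example-idp.test",
                  "issuerAssignedId": "user-0001"}],
  "displayName": "Jane Doe",
  "ui_locales": "en-US"
}""")


def federated_identity(body):
    """Return (issuer, issuerAssignedId) of the federated identity, or None."""
    for ident in body.get("identities", []):
        if ident.get("signInType") == "federated":
            return ident.get("issuer"), ident.get("issuerAssignedId")
    return None


def handle_api_connector(body, ssn_lookup=SSN_BY_FEDERATED_ID):
    """Build (http_status, json_body) for the API connector call.

    "Continue" plus an extension_* key makes B2C store the value on the user
    and emit it as a claim; "ShowBlockPage" halts sign-up when no SSN is known,
    so an unverified account never gets created without the attribute.
    """
    key = federated_identity(body)
    ssn = ssn_lookup.get(key) if key else None
    if ssn is None:
        return 200, {"version": "1.0.0", "action": "ShowBlockPage",
                     "userMessage": "Your account could not be verified."}
    return 200, {"version": "1.0.0", "action": "Continue", SSN_CLAIM: ssn}


if __name__ == "__main__":
    print(json.dumps(handle_api_connector(SAMPLE_REQUEST)[1], indent=2))
```

The same handler serves the 'Before creating the user' event, since B2C sends the same `identities` array there.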