Using an external IDP in Azure B2C: is it possible to add a custom claim to the JWT without using custom policies?
In my IDP I have this code in the /connect/token endpoint:

// Replace the standard given_name claim with the value of the IDP's own "SSN" claim
identity.RemoveClaims(Claims.GivenName);
identity.AddClaim(Claims.GivenName, identity.Claims.First(x => x.Type == "SSN").Value);

This works as expected and the "given name" is set to the SSN.
This however does not work:

// Emit the SSN under a B2C extension-attribute claim name instead of given_name
identity.AddClaim("extension_9322349238409238_SSN", identity.Claims.First(x => x.Type == "SSN").Value);
If I use an API connector I can indeed enrich the token with the claim, but I need to do it before that, when I actually have access to the SSN.
Is this possible without a custom policy? The documentation is not 100% clear about this.
Note: I do not want to collect the claim using user input which could be achieved using user attributes.
I created a custom attribute "SSN" in Azure AD B2C:
Created an Azure AD B2C user flow and selected SSN as application claim:
For example, I configured Google as the identity provider:
When I ran the user flow, I selected sign in with Google:
Once the user signs in, the user is created in the Azure AD B2C tenant:
Copy the Object ID of the user and assign the custom attribute value to the user:
Run the user flow; the ID token and access token will be generated.
When I decoded the access token, the custom claim SSN was displayed successfully:
Otherwise, you can directly select the given name as an application claim, and when you decode the token it will be displayed as:
"given_name": "ruk"
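The two steps above that are easy to get wrong, assigning the custom attribute value to the user and then checking the issued token, as a script against Microsoft Graph (an added example, not code from the question or the answer; EXTENSIONS_APP_ID, GRAPH_TOKEN and USER_OBJECT_ID are placeholder assumptions):

```python
"""Set a B2C custom attribute on a user through Microsoft Graph and inspect the
resulting token. Added example; it is not code from the question or the answer.
Assumptions (all placeholders): EXTENSIONS_APP_ID is the Application (client) ID
of the tenant's b2c-extensions-app, GRAPH_TOKEN carries User.ReadWrite.All,
USER_OBJECT_ID is the object id copied from the B2C user."""
import base64
import json
import urllib.request

EXTENSIONS_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder
GRAPH_TOKEN = "<graph-access-token>"  # placeholder
USER_OBJECT_ID = "<b2c-user-object-id>"  # placeholder

def extension_attribute_name(extensions_app_id: str, attribute: str) -> str:
    """Graph property name of a B2C custom attribute:
    extension_<extensions-app client id without dashes>_<attribute>."""
    return f"extension_{extensions_app_id.replace('-', '')}_{attribute}"

def build_patch_body(extensions_app_id: str, attribute: str, value: str) -> dict:
    """Body of PATCH /users/{id} that writes the custom attribute."""
    return {extension_attribute_name(extensions_app_id, attribute): value}

def set_user_attribute(user_object_id: str, attribute: str, value: str) -> int:
    """PATCH the user. Graph answers 204 No Content on success; urllib raises
    HTTPError on 4xx, e.g. when the property name is misspelt."""
    body = json.dumps(build_patch_body(EXTENSIONS_APP_ID, attribute, value)).encode()
    req = urllib.request.Request(
        f"https://graph.microsoft.com/v1.0/users/{user_object_id}",
        data=body, method="PATCH",
        headers={"Authorization": f"Bearer {GRAPH_TOKEN}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only: no signature check, so the
    result says what the token claims, not that the token is valid."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_has_attribute(token: str, attribute: str):
    """User flows emit a custom attribute as the claim extension_<attribute>."""
    return jwt_claims(token).get(f"extension_{attribute}")

# Constructed sample token (header and signature are dummies) for the check.
SAMPLE_TOKEN = "hdr." + base64.urlsafe_b64encode(
    json.dumps({"extension_SSN": "123"}).encode()).rstrip(b"=").decode() + ".sig"
```

Call `set_user_attribute(USER_OBJECT_ID, "SSN", value)` once with real values, then run the user flow and pass the returned access token to `token_has_attribute(token, "SSN")`.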