Entra ID custom claims in ID-Token, UserInfo

Question

With Entra ID "Custom claims provider" it seems to be possible to add claims to the Access Token.

https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-get-started

Is it also possible to add claims to ID token and UserInfo endpoint?

Answer 1

Yes, it's possible to add custom claims to ID token using Entra ID "Custom claims provider". But for /userinfo endpoint, it's not possible as it returns only specific claims.

In my case, I followed same document and created one Function app with HTTP Trigger function by editing code and got its function URL:

Now, I configured one custom authentication extension named Token issuance event and added function URL here:

In Azure AD, I registered one application by enabling implicit flow options and changed below properties in Manifest tab:

Now, I assigned custom claims provider to the application by adding claims like this:

In the Function App, I added Microsoft as identity provider in Authentication tab:

To test the application, I ran below authorization request in browser and got ID token with custom claims successfully like this:

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?client_id={AppID}&response_type=id_token&redirect_uri=https://jwt.ms&scope=openid&state=12345&nonce=12345