How do I retrieve an extensionProperty on B2C?


We are trying to work with B2E optional claims. We followed this doc and this one to create the extension claim in B2E, then populated it with a value and enabled it in Token Configuration/Manifest. We also set up the XML with the PartnerClaimType, but we can't receive the claim from B2E. Do you have any tip or idea why we can't receive the claim?

Default claims work fine, but optional ones don't. We've spent at least 2 days with tons of tests... =(

Extension Claim
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('XXX9f805-40cb-41af-80ae-c63201919XXX')/extensionProperties",
"value": [
{
"id": "XXX707f9-8cdb-4cfa-996e-59da8512fXXX",
"deletedDateTime": null,
"appDisplayName": "",
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"dataType": "String",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}
]
}

Populated claim on a user
{
"extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil": "tempinfo"
}

B2E App Manifest
"saml2Token": [
{
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"source": "user",
"essential": false,
"additionalProperties": []
}
]

OpenId ClaimProvider

Note: we also tried "extension_perfil" and "extn.perfil"

References:

https://learn.microsoft.com/en-us/graph/api/resources/extensionproperty?view=graph-rest-1.0

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

Best answer:

In the technical profile OIDC-ViaVarejo, change

<OutputClaim ClaimTypeReferenceId="extension_perfil" />

To

<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />

Your claim definition should be as follows, since AAD is returning an array:

<ClaimType Id="extension_perfil">
  <DisplayName>extension_perfil</DisplayName>
  <DataType>stringCollection</DataType>
  <UserHelpText>extension_perfil</UserHelpText>
</ClaimType>

If you want to display the value on the screen in a textbox, you need to convert the stringCollection to a string (it'll just get the first value):

<ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
  </OutputClaims>
</ClaimsTransformation>

Define the claim perfil:

<ClaimType Id="perfil">
  <DisplayName>perfil</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>extension_perfil</UserHelpText>
  <UserInputType>TextBox</UserInputType>
</ClaimType>

Then modify SelfAsserted-AADVV-PersonalData:

...
    </CryptographicKeys>
    <InputClaimsTransformations>
      <InputClaimsTransformation ReferenceId="ExtractPerfil" />
    </InputClaimsTransformations>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="Step" DefaultValue="SelfAsserted-AADVV-PersonalData" AlwaysUseDefaultValue="true" />
      <InputClaim ClaimTypeReferenceId="displayName" />
      <InputClaim ClaimTypeReferenceId="email" />
      <InputClaim ClaimTypeReferenceId="perfil" />
      <InputClaim ClaimTypeReferenceId="extension_DataNasc" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="Step" />
      <OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
      <OutputClaim ClaimTypeReferenceId="email" Required="true" />
      <OutputClaim ClaimTypeReferenceId="perfil" Required="true" />
      <OutputClaim ClaimTypeReferenceId="extension_DataNasc" Required="true" />
      <OutputClaim ClaimTypeReferenceId="DDIBrasil" DefaultValue="+55" AlwaysUseDefaultValue="true" />
      <OutputClaim ClaimTypeReferenceId="extension_Celular" Required="true" />
    </OutputClaims>
...
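The pieces from the answer, assembled into one policy fragment as an added example (this is not code from the question or the answer): the two claim types, the transformation, and an OpenIdConnect technical profile for OIDC-ViaVarejo that maps the token claim extn.perfil into extension_perfil and runs ExtractPerfil as an output claims transformation, so perfil is already a plain string by the time the self-asserted step reads it. The tenant in the METADATA URL, the client_id, the key container name B2C_1A_ViaVarejoAppSecret and the SM-SocialLogin session reference are placeholders/assumptions. The example also assumes the extension attribute is configured under idToken in the app's optional claims; the manifest in the question lists it only under saml2Token, while B2C here federates over OIDC.

```xml
<!-- Added example: fragments to merge into TrustFrameworkExtensions.xml.
     Placeholders (tenant, client_id, key container, session TP) are assumptions. -->
<TrustFrameworkPolicy>
  <BuildingBlocks>
    <ClaimsSchema>
      <!-- Azure AD returns the optional directory-extension claim as an array,
           so the claim that receives it must be a stringCollection. -->
      <ClaimType Id="extension_perfil">
        <DisplayName>extension_perfil</DisplayName>
        <DataType>stringCollection</DataType>
        <UserHelpText>extension_perfil</UserHelpText>
      </ClaimType>
      <!-- Plain string for display/editing in self-asserted pages. -->
      <ClaimType Id="perfil">
        <DisplayName>perfil</DisplayName>
        <DataType>string</DataType>
        <UserHelpText>extension_perfil</UserHelpText>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>
    </ClaimsSchema>
    <ClaimsTransformations>
      <!-- Takes the first element of the collection; the attribute is single-valued here. -->
      <ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
        </OutputClaims>
      </ClaimsTransformation>
    </ClaimsTransformations>
  </BuildingBlocks>

  <ClaimsProviders>
    <ClaimsProvider>
      <Domain>viavarejo</Domain>
      <DisplayName>Azure AD (ViaVarejo)</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="OIDC-ViaVarejo">
          <DisplayName>Azure AD (ViaVarejo)</DisplayName>
          <Protocol Name="OpenIdConnect" />
          <Metadata>
            <!-- Assumed tenant; use your own tenant's v2.0 metadata endpoint. -->
            <Item Key="METADATA">https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
            <!-- Assumed client id of the app registration that owns the optional claim. -->
            <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
            <Item Key="response_types">code</Item>
            <Item Key="scope">openid profile</Item>
            <Item Key="response_mode">form_post</Item>
            <Item Key="HttpBinding">POST</Item>
            <Item Key="UsePolicyInRedirectUri">false</Item>
          </Metadata>
          <CryptographicKeys>
            <!-- Assumed policy key container holding the app's client secret. -->
            <Key Id="client_secret" StorageReferenceId="B2C_1A_ViaVarejoAppSecret" />
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
            <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
            <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
            <!-- In the token the directory extension is named extn.<attribute>, not
                 extension_<appId>_<attribute>, so PartnerClaimType must be extn.perfil. -->
            <OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />
          </OutputClaims>
          <OutputClaimsTransformations>
            <!-- Run once here so "perfil" is a string before any self-asserted step. -->
            <OutputClaimsTransformation ReferenceId="ExtractPerfil" />
          </OutputClaimsTransformations>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
</TrustFrameworkPolicy>
```

With the transformation attached to the federation profile, the InputClaimsTransformations entry in SelfAsserted-AADVV-PersonalData is no longer needed; perfil is already in the claims bag when that step runs, and keeping it there is harmless. One caveat on naming: a claim ID with the extension_ prefix is treated by B2C's own AAD- technical profiles as a B2C extension attribute (stored on the b2c-extensions-app) if it is ever persisted through them. Here the claim is only read from the federated token, so nothing is written; if you later persist it, give the B2C-side claim a different ID to avoid confusing the two directories' attributes.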