My custom claims provider fails with the following error: "There was a problem parsing the custom extension's response body. Check that the API response body is in an acceptable schema for that custom extension type."
I want to add correlationId (string) and newUser (bool) to the tokens.
According to the documentation the expected payload for this is:
{
  "data": {
    "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
    "actions": [
      {
        "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
        "claims": {
          "DateOfBirth": "01/01/2000",
          "CustomRoles": [
            "Writer",
            "Editor"
          ]
        }
      }
    ]
  }
}
I have checked the logs and my API returns the following, which seems compliant to me (different claims, obviously):
{
  "data": {
    "actions": [
      {
        "claims": {
          "correlationId": "9733d4a8-3c55-48e4-bc1c-7429560752d4",
          "newUser": true
        },
        "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken"
      }
    ],
    "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData"
  }
}
Also, here is step-by-step guidance on how to configure this. The only step where I am deviating is that I don't have implicit flow active on my app registration, which AFAIK is only relevant for testing purposes with https://jwt.ms. In other parts of my Entra External ID setup, activating this is explicitly discouraged in the docs. In fact, without even configuring a Redirect URI in the app registration for my custom claims provider API, this option is not even visible.
Does someone know why it keeps failing? Any help is appreciated!
Well sh... Working now. Apparently, the custom claims provider does not like any property types other than string. I removed the newUser claim, which was a bool, and now it works.
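Added example, not code from the original post or from Microsoft: a small Python helper that builds the onTokenIssuanceStart response body in the documented shape and checks a candidate body against that shape before it is returned. The rule that claim values must be strings (or arrays of strings, as in the documented CustomRoles example) is the asker's observation from the self-answer, not a documented constraint, and is treated here as an assumption; rather than dropping the bool claim, the helper coerces it to "true"/"false" so it can still be issued. The claim names and GUID are taken from the post; the function names and the sample bodies are constructed for this example.

```python
"""Build and sanity-check an Entra custom claims provider (onTokenIssuanceStart)
response body. Example code, not Microsoft's own. Assumption: claim values must
be strings or arrays of strings (the asker's observation), so other scalars are
coerced to strings before the body is returned."""
from typing import Any

RESPONSE_TYPE = "microsoft.graph.onTokenIssuanceStartResponseData"
ACTION_TYPE = "microsoft.graph.tokenIssuanceStart.provideClaimsForToken"


def to_claim_value(value: Any) -> Any:
    """Coerce a Python value into a string or a list of strings.

    bool is tested before int because bool is a subclass of int in Python;
    nested structures and None are rejected because there is no documented
    representation for them in a claim value."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, str):
        return value
    if isinstance(value, (int, float)):
        return str(value)
    if isinstance(value, (list, tuple)):
        items = []
        for item in value:
            if item is None or isinstance(item, (list, tuple, dict)):
                raise TypeError("nested or null values are not representable as a claim")
            items.append(to_claim_value(item))
        return items
    raise TypeError(f"unsupported claim value type: {type(value).__name__}")


def build_response(claims: dict) -> dict:
    """Return the response body in the documented shape, with coerced claim values."""
    return {
        "data": {
            "@odata.type": RESPONSE_TYPE,
            "actions": [
                {
                    "@odata.type": ACTION_TYPE,
                    "claims": {name: to_claim_value(v) for name, v in claims.items()},
                }
            ],
        }
    }


def check_response(body: dict) -> list:
    """Return a list of schema problems; an empty list means the body matches
    the documented shape and the assumed string-only claim rule."""
    problems = []
    data = body.get("data")
    if not isinstance(data, dict):
        return ["missing 'data' object"]
    if data.get("@odata.type") != RESPONSE_TYPE:
        problems.append("data/@odata.type must be " + RESPONSE_TYPE)
    actions = data.get("actions")
    if not isinstance(actions, list) or not actions:
        return problems + ["data/actions must be a non-empty array"]
    for i, action in enumerate(actions):
        if not isinstance(action, dict) or action.get("@odata.type") != ACTION_TYPE:
            problems.append(f"actions[{i}]/@odata.type must be {ACTION_TYPE}")
            continue
        claims = action.get("claims")
        if not isinstance(claims, dict):
            problems.append(f"actions[{i}]/claims must be an object")
            continue
        for name, value in claims.items():
            is_str = isinstance(value, str)
            is_str_list = isinstance(value, list) and all(isinstance(v, str) for v in value)
            if not (is_str or is_str_list):
                problems.append(
                    f"claim '{name}' is {type(value).__name__}; "
                    "only strings or arrays of strings are accepted (assumed from observed behaviour)"
                )
    return problems


if __name__ == "__main__":
    # Constructed sample: the body the asker's API returned, with newUser as a JSON bool.
    as_posted = {
        "data": {
            "@odata.type": RESPONSE_TYPE,
            "actions": [
                {
                    "@odata.type": ACTION_TYPE,
                    "claims": {
                        "correlationId": "9733d4a8-3c55-48e4-bc1c-7429560752d4",
                        "newUser": True,
                    },
                }
            ],
        }
    }
    print("as posted:", check_response(as_posted))
    fixed = build_response({"correlationId": "9733d4a8-3c55-48e4-bc1c-7429560752d4", "newUser": True})
    print("coerced:", check_response(fixed), fixed["data"]["actions"][0]["claims"])
```

Running the checker over the body from the question flags the newUser claim as a bool, while the body produced by build_response passes and carries newUser as the string "true"; the consuming application then has to parse that string back to a boolean rather than relying on a JSON bool in the token.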