Retrieving user claims from token #121
When using B2C, the built-in policies allow us to define which application claims will be added to the token:
However, I didn't find any proper way to retrieve those claims using the library and I believe claims are an important aspect of OAuth2 (not only for B2C).
Are you going to implement some sort of functionality in the future in order to retrieve the claims?
Meanwhile I solved my problem doing this:
The tokens retrieved from B2C do not contain all the information about the user and its claims or attributes. You should use the Graph API of the underlying Azure Active Directory to query the user for its information.
I use it in my ASP.NET web API backend to retrieve the information of a user.
@DibranMulder You are right when you say that the token does not contain all the information about the user and the Microsoft Graph exists to get that information, stored in other systems, specified in different scopes.
The link you are referring to explains how, for a B2C tenant, it's possible to communicate with the Graph API for an interactive (run-once task) administrator account or an automated task (a service) where the application itself acts as a user.
However, B2C puts some information about the user (via policies) and it is even possible to add your own custom attributes:
Those attributes are contained inside of the tokens out-of-the-box and are easy to retrieve (see my example in my previous comment). In this scenario, the overhead involved in order to get that information by calling the Graph API is not justified.
MSAL should support reading the claims that are already contained in the token.
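The claim lookup discussed in this thread, as an added example that is not part of the original issue and is not MSAL's API: it reads the claims from the payload segment of a JWT. Decoding does not verify the signature, so values read this way are suitable for display only, and a backend still has to validate the token before trusting any claim. The sample token, the claim values and the `extension_LoyaltyTier` attribute are constructed for illustration, and the code assumes a Node.js runtime (`Buffer`).

```javascript
// Added example: read claims from a JWT payload segment (no signature check).

function base64UrlDecode(segment) {
  // JWT segments use the URL-safe base64 alphabet without padding (RFC 7515).
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error("segment is not base64url");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function readClaims(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) {
    throw new Error("not a compact JWS (expected 3 segments)");
  }
  const claims = JSON.parse(base64UrlDecode(parts[1]));
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    throw new Error("payload is not a JSON object");
  }
  // "exp" is seconds since the epoch; null means the claim is absent.
  const expired = typeof claims.exp === "number" ? claims.exp <= nowSeconds : null;
  return { claims, expired };
}

// --- Constructed sample token (the signature segment is a dummy value) ---
function base64UrlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function makeSampleToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.c2ln`;
}

const sample = makeSampleToken({
  sub: "00000000-0000-0000-0000-000000000000",
  emails: ["user@example.com"],
  extension_LoyaltyTier: "gold", // hypothetical custom attribute
  exp: 2000000000,
});

const { claims, expired } = readClaims(sample, 1900000000);
console.log(claims.emails[0], claims.extension_LoyaltyTier, expired);
```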