
Is it possible to get Azure AD B2C to include the aud in calls to custom claims REST API?


I set up my Azure AD B2C custom claims REST API as described at https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw and that works as described.

I'd like to use the same API for multiple applications rather than building one API endpoint for each app (and having to replicate most of the XML configuration). Is it possible to get Azure B2C to include the aud value when it hits the API so I can provide the claims that apply to the app asking for them? It is in the token that gets returned in the end so I'm assuming it is accessible.

I looked at the claim types defined in the TrustFrameworkBase and none of them seem to match the aud value that is returned as part of the token.

I'm able to return the custom claims for a given user, but I'd like to be able to filter that down to the custom claims for a given user for the application they are authenticating to.

Am I going about this the wrong way? Is there a better way to accomplish this?


Solution

  • You can use a claims resolver for this.

    Firstly, declare an applicationId (or similar) claim type:

    <ClaimType Id="applicationId">
      <DisplayName>Application Identifier</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
    

    Then in the REST API technical profile, refer to this applicationId claim using the {OIDC:ClientId} claims resolver:

    <InputClaim ClaimTypeReferenceId="applicationId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
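    As an added example, not taken from the answer or the linked tutorial, here is a complete REST technical profile showing where that InputClaim sits and how the rest of the call is secured. The profile id, ServiceUrl, key container names and the output claim are assumptions and must match your own policy.

    ```xml
    <!-- Added example, not part of the original answer. Names such as
         REST-GetAppClaims, the ServiceUrl, the key containers and the
         appRole output claim are assumptions. -->
    <ClaimsProvider>
      <DisplayName>REST APIs</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="REST-GetAppClaims">
          <DisplayName>Get claims for the calling application</DisplayName>
          <Protocol Name="Proxy" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="ServiceUrl">https://claims-api.example.com/api/claims</Item>
            <Item Key="SendClaimsIn">Body</Item>
            <Item Key="AuthenticationType">Basic</Item>
            <!-- Keep this false so B2C refuses a plain-HTTP ServiceUrl. -->
            <Item Key="AllowInsecureAuthInProduction">false</Item>
          </Metadata>
          <CryptographicKeys>
            <!-- Basic-auth credentials come from B2C policy keys, not the XML. -->
            <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_RestApiUsername" />
            <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_RestApiPassword" />
          </CryptographicKeys>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="userId" />
            <!-- {OIDC:ClientId} is resolved by B2C from the client_id of the
                 authorization request. AlwaysUseDefaultValue="true" means a
                 value already in the claims bag can never replace it, so the
                 API can treat applicationId as set by B2C, not by the user. -->
            <InputClaim ClaimTypeReferenceId="applicationId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
          </InputClaims>
          <OutputClaims>
            <!-- appRole must be declared as a ClaimType in the same policy. -->
            <OutputClaim ClaimTypeReferenceId="appRole" PartnerClaimType="role" />
          </OutputClaims>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    ```

    With SendClaimsIn set to Body, the API receives a JSON object such as {"userId": "...", "applicationId": "..."} and should reject an applicationId it does not recognise instead of falling back to a default claim set.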