Azure AD OAuth Token Claim - Populate DisplayName attribute for Application Users

Question

When I request an OAuth token from Azure AD for an application user (using a client_id and client_secret) targeting the correct resource audience (target application), I don't know how to get Azure AD to populate a claim for the client's DisplayName attribute (primarily for an application client, but also users should work too) in Azure AD.

POST /<tenant_id>/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=<client_id>&resource=<target_aud_app_uri>&client_secret=<client_secret>

{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "xxx",
  "kid": "xxx"
}.{
  "aud": "<target_aud_app_uri>",
  "iss": "https://sts.windows.net/<tenant_id>/",
  "iat": 1619676176,
  "nbf": 1619676176,
  "exp": 1619680076,
  "aio": "xxx",
  "appid": "<client_id>",
  "appidacr": "1",
  "idp": "https://sts.windows.net/<tenant_id>/",
  "idtyp": "app",
  "oid": "xxx",
  "rh": "xxx",
  "roles": [
    "XXX"
  ],
  "sid": "xxx",
  "sub": "xxx",
  "tenant_ctry": "AU",
  "tenant_region_scope": "OC",
  "tid": "xxx",
  "uti": "xxx",
  "ver": "1.0"
}.[Signature]

In the target application configuration in Azure AD, I've added all the optional claims it allows in the UI, and even tried adding 'display_name' via the manifest but it doesn't know how to pick it up. Is there a way to do this?

Answer 1

This question has been asked before.

This is possible under the Microosft.graph namespace only cannot be used for any custom app. In other words, only the ms graph api token has app_displayname claim. For the token of the application custom api, it is currently not possible to add the app_displayname claim, at least for now this is impossible.

I suggest you submit user voice, and I will vote for it.