What approach to follow to include signed-in time and ip address of users in the jwt token?
Do I need to add extension attributes for them separately like below?
https://graph.microsoft.com/v1.0/applications/appID/extensionProperties
{
    "name": "ip address",
    "dataType": "String",
    "targetObjects": [
        "User"
    ]
}
Or is there anything that I have to modify in the manifest of my app? I tried all the possible ways that I could find, but no use :-(
FYI, I used client credentials flow to generate the token. I found I can get that from the ID token, but I don't know how to proceed further.
Please note that using client credentials flow, you cannot get optional claims in the token.
Alternatively, you can make use of either Authorization code flow, ROPC flow or Implicit flow.
I tried to reproduce the same in my environment and got the below results:
To include signed in time and ip address of users in the jwt token, add optional claims like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your app -> Token configuration -> Add optional claims
After adding the above claims, I generated the ID token using Authorization code flow like below:
I decoded the ID token via jwt.ms and got the claims successfully like below:
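An offline equivalent of the jwt.ms check described in the answer, as an added example that is not part of the original post: it decodes a token's payload and reports whether the sign-in time and IP address claims are present. The claim names `auth_time` and `ipaddr` are assumptions taken from the Microsoft identity platform optional claims reference (the post's screenshots are not available), and both sample tokens are constructed with a placeholder signature.

```python
import base64
import json
from datetime import datetime, timezone

# Assumed optional-claim names (the post's screenshots are not available).
WANTED = ("auth_time", "ipaddr")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(token: str) -> dict:
    """Decode the claims for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def sign_in_claims(token: str) -> dict:
    """Report the sign-in time and IP claims, and which of them are absent."""
    claims = decode_payload(token)
    report = {"missing": [name for name in WANTED if name not in claims]}
    if "auth_time" in claims:
        when = datetime.fromtimestamp(int(claims["auth_time"]), tz=timezone.utc)
        report["auth_time_utc"] = when.isoformat()
    if "ipaddr" in claims:
        report["ipaddr"] = claims["ipaddr"]
    return report

def make_sample(payload: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(payload), "placeholder"])

# Constructed samples: an ID token from a user sign-in, and an app-only token
# such as client credentials flow returns (no user, so no sign-in claims).
USER_ID_TOKEN = make_sample({"sub": "user-1", "auth_time": 1700000000, "ipaddr": "203.0.113.10"})
APP_ONLY_TOKEN = make_sample({"sub": "app-1", "roles": ["Reports.Read"]})

if __name__ == "__main__":
    print(sign_in_claims(USER_ID_TOKEN))
    print(sign_in_claims(APP_ONLY_TOKEN))
```

This only inspects claims, as jwt.ms does; an API that relies on them must validate the token signature, issuer and audience first.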