About custom attributes in Azure AD B2C. Is there a way to remove the "extension" prefix from custom attributes included in ID tokens in Azure AD B2C?
When defining a custom attribute in Azure AD B2C, the attribute will have the prefix "extension" in the ID token parameter. Is there a way to remove the "extension" prefix?
For example, I want to get "extension_sampledata" as "sampledata".
I couldn't remove it from the Azure AD B2C user flow, so I'm trying a custom policy.
I don't think you can change that in user flows, but you definitely can with custom policies.
In your RelyingParty definition, you can specify a PartnerClaimType, which is the name B2C will use for a claim in the token. For example, the RelyingParty definition:
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignIn"/>
  <UserJourneyBehaviors>
    <SingleSignOn Scope="Tenant" />
  </UserJourneyBehaviors>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>OpenIdConnectProfile</DisplayName>
    <Protocol Name="OpenIdConnect"/>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="extension_sampledata" PartnerClaimType="sampledata" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
would generate a token that contains the following claims (in addition to the standard claims):
{
  "sub": "93575208-fd44-46fe-bafd-3156565027b3",
  "displayName": "Test User",
  "sampledata": "<Your data here>"
}
Alternatively, you can specify the same thing in the ClaimType definition itself:
<ClaimType Id="extension_sampledata">
  <DisplayName>Sample Data</DisplayName>
  <DataType>string</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="OAuth2" PartnerClaimType="sampledata" />
    <Protocol Name="OpenIdConnect" PartnerClaimType="sampledata" />
  </DefaultPartnerClaimTypes>
</ClaimType>
That then automatically applies the appropriate PartnerClaimType, depending on the protocol. For example, the RelyingParty definition:
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignIn"/>
  <UserJourneyBehaviors>
    <SingleSignOn Scope="Tenant" />
  </UserJourneyBehaviors>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>OpenIdConnectProfile</DisplayName>
    <Protocol Name="OpenIdConnect"/>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="extension_sampledata" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
would still generate a token that contains the following claims (in addition to the standard claims):
{
  "sub": "93575208-fd44-46fe-bafd-3156565027b3",
  "displayName": "Test User",
  "sampledata": "<Your data here>"
}
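As an added example (not part of the answer above or of any Microsoft sample), here is a small Python audit script that resolves the claim names a RelyingParty will emit using both mechanisms the answer describes, and flags extension attributes that were left un-renamed. The policy fragment is constructed for the example; the resolution order (explicit PartnerClaimType on the OutputClaim first, then the ClaimType's DefaultPartnerClaimTypes for the RP protocol, then the raw Id) follows Microsoft's custom policy reference.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not a real tenant's): one OutputClaim renamed explicitly, one via
# DefaultPartnerClaimTypes, and one extension attribute left with its raw name.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <BuildingBlocks><ClaimsSchema>
    <ClaimType Id="objectId"><DataType>string</DataType></ClaimType>
    <ClaimType Id="extension_sampledata"><DataType>string</DataType>
      <DefaultPartnerClaimTypes>
        <Protocol Name="OpenIdConnect" PartnerClaimType="sampledata" />
      </DefaultPartnerClaimTypes>
    </ClaimType>
    <ClaimType Id="extension_tier"><DataType>string</DataType></ClaimType>
  </ClaimsSchema></BuildingBlocks>
  <RelyingParty>
    <TechnicalProfile Id="PolicyProfile">
      <Protocol Name="OpenIdConnect"/>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="extension_sampledata" />
        <OutputClaim ClaimTypeReferenceId="extension_tier" />
      </OutputClaims>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>"""


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace so bare and namespaced files both work


def token_claim_names(policy_xml):
    """Map token claim name -> ClaimType Id. An explicit PartnerClaimType on the OutputClaim
    wins, else the ClaimType's DefaultPartnerClaimTypes for the RP protocol, else the raw Id."""
    nodes = list(ET.fromstring(policy_xml).iter())
    defaults = {}  # ClaimType Id -> {protocol name: partner claim type}
    for ct in (n for n in nodes if _local(n.tag) == "ClaimType"):
        defaults[ct.get("Id")] = {p.get("Name"): p.get("PartnerClaimType") for dp in ct
                                  for p in dp if _local(p.tag) == "Protocol"}
    rp = next(n for n in nodes if _local(n.tag) == "RelyingParty")
    tp = next(n for n in rp.iter() if _local(n.tag) == "TechnicalProfile")
    protocol = next(n for n in tp if _local(n.tag) == "Protocol").get("Name")
    names = {}
    for oc in (n for n in tp.iter() if _local(n.tag) == "OutputClaim"):
        cid = oc.get("ClaimTypeReferenceId")
        names[oc.get("PartnerClaimType") or defaults.get(cid, {}).get(protocol) or cid] = cid
    return names


def unrenamed_extension_claims(policy_xml):
    """Token claim names that still carry the raw extension_ prefix."""
    return sorted(n for n in token_claim_names(policy_xml) if n.startswith("extension_"))
```

Run `unrenamed_extension_claims` over your own TrustFrameworkExtensions/RelyingParty files to spot attributes that will land in tokens under their raw "extension_" name.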