No email for id token for B2C built in flow
I have B2C tenant for Azure Active Directory 1 (AD_1). I'd like to authenticate users from external AD_2. SignUp_SignIn flow was create for B2C tenant, all claims were selected. This flow related to custom open id provider with next settings, see below:
Within AD_2 I have app registration, see below
When I decode obtained token, I see no email value. I tried different variants for custom idp for email field, like email, sub - nothing works. Have I missed something? My ui settings are next
I registered one application in Azure AD tenant and added same API permissions as below:
In Token configuration, I added same optional claims for ID token like this:
Now, I configured Azure AD as an identity provider in B2C tenant by adding custom IDP with below parameters:
While running Sign Up and Sign In user flow, make sure to include email addresses claim like this:
When I ran the user flow, I got below login screen with Custom IDP AAD button:
After clicking Custom IDP AAD button, I got below screen to pick account where I selected Sri account:
In my case, I got below screen after completing authentication process with claims from Azure AD:
When I selected Continue, I got id_token with emails claim successfully like below:
In your case, make sure to select Email addresses in Application claims of user flow to get email in id_token:
You need to add email as value while configuring Custom IDP for email field.
References:
Set up sign-in for an Azure AD organization - Azure AD B2C | Microsoft
Azure AD B2C "email" claim is missing from JWT - Stack Overflow by Carl Zhao
- Retrieve all Users from all Groups?
- Cannot get AAD auth token in Logic Apps
- Using Azure Entra Id I cant see `Office 365 Exchange Online` under `APIs my organization uses`
- New tenant b2clogin URL returns error with "removed or changed"
- Azure Entra ID tokens endpoint issues an expired token
- Azure AD B2C password expiration
- Trouble when creating PowerBI report via JavaScript Client Library
- Azure Active Directory Enterprise App OpenID and User Provisioning (SCIM)
- How to select specific app registration based on tenant ID in ASP.NET Core MVC with Microsoft Identity Platform?
- Airflow ERROR - Error authorizing OAuth access token: Invalid JSON Web Key Set. [The request to sign in was denied.]
- Systematic Way to Identify Through Azure UI Required "App Registration" API Permission
- How does Delegated OnlineMeetingRecording.Read.All work?
- How to enable SAML as authentication provider in MS Entra?
- Get domain\username from microsoft graph
- Unable to Add User to Resource Group: Authorization_RequestDenied Error
- Login with Microsoft External Account -Issue when the user cancels the consent prompt during authentication
- Invalid argument error when adding Required Reviewer via Azure DevOps API
- Use Azure AD authentication but manage roles in database in .NET 6
- React Native MSAL - SSO does not work from Native to Web - iOS
- Microsoft: Unable to resolve Configuration with the provided Issuer
- Microsoft Graph filter for onPremisesExtensionAttributes
- Get users from Microsoft Entra by API without Graph
- What are the differences between Service Principal and App Registration?
- Unable to restore a deleted user with graph API
- How can I pass custom claims delivered via assertion into claims returned of access token?
- Custom Azure AD role for full access to Microsoft Cloud App Security
- Getting Redirect URI Mismatch error in Azure AD b2C
- Unable to acquire a token in IAuthDelgate of the microsoft information protection sdk
- Azure AD B2C IEF custom sign-up policy grab query parameters
- Cypress does not log in by cy.setCookie() in AzureDevOps project