Optional/Custom claim for OAuth app in Azure AD
Can I add the user.officelocation claim for OAuth registered app in Azure AD? If I add it in its service principal in Enterprise Apps ? Will it work ? Do I get office location of users (synced users) in Access token? Or i need to configure something else (office location field is blank in user properties)in user' profile? My app has user.read.all scope granted.
Yes, you can use Azure AD access token to get office location of users.
In the Azure AD application and updated the manifest:
In the Enterprise application added claim like below:
Granted API permissions:
I generated the access token and the office location claim displayed successfully:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?client_id=ClientID&response_type=token&redirect_uri=https://jwt.ms&scope=api://xxx/claims.read&state=12345&nonce=12345
Note that: If the user doesn't have the office location updated then the claim will not be returned in the access token.
Make sure that the office location attribute is sync'd or update it in user properties:
Go to Azure Portal -> Users -> Edit properties
- getToken occurs error Dynamic Code Evaluation (e. g. 'eval', 'new Function', 'WebAssembly.compile') not allowed in Edge Runtime
- Stuck on openAuthSessionAsync - How to Close Browser After Successful Google OAuth Login?
- Facebook OAuth "The domain of this URL isn't included in the app's domain"
- Extend Magento REST API in custom module
- LinkedIn API OAuth refresh token
- Exchanging a google idToken for local openId token c#
- Curl error 60, SSL certificate issue: self signed certificate in certificate chain
- Keycloak + SPA as client (Vue) + Spring Cloud Gateway as resource server + Spring Boot Microservices
- oAuth: How to integrate Twitter and LinkedIn in the same app?
- How can I download a single raw file from a private github repo using the command line?
- How do you access the result structure returned with cfoauth?
- SSO not working in iOS when using AWS Cognito and Azure AD
- In JWT Authentication in .NET 7, how can a "validated" token be "missing"?
- Use CakePHP Http Client with Magento2 rest API search criteria
- GitLab OAuth access token validity
- How to get access Token from Amadesu API on Python
- Difficulty setting up Oauth, Error (400): invalid_scope
- Microsoft OAuth authorization code flow CORS
- Allowing Cognito non verified users to sign in?
- How to start using OAuth in Silverlight
- Getting invalid_scope when attempting to obtain a refresh token via the Google API
- OAuth2AuthenticationException: [invalid_client] when try sign in with Apple in Spring Boot application
- JWT (Json Web Token) Audience "aud" versus Client_Id - What's the difference?
- Relationship between Google Identity Services - Sign In with Google and User Authorization for Google APIs
- How to list all contacts of email without the Oauth API?
- Why Both Web and Android Client IDs needed for Google authn using Supabase on Flutter?
- Keycloak - Assign a client scope to user with a specific role
- Endless troubles with next-auth v4 and FacebookProvider
- Is there any way to check if oauth token is expired or not?
- How can an Accelo Web Application determine the 'staff ID' of the logged-in user?