Add Custom value in UPN claim in Access Token generated using Azure AD Client Credential Flow

Question

We are using IdentityServer4 with Client Credential Grant Type but for one of consumer we tweaked Client Credential flow and introduced Delegation Grant Type and that's where we inject UPN claim in AccessToken as there will not be UPN claim in Access Token generated using Client Credential flow. Purpose of doing this is our upstrem apps authorize our API calls based on User.

Does Azure AD has any functionality where I can provide custom value of UPN claim for App and when that particular App is being used to generate access token using Client Credential flow, UPN claim with custom value will be available in Access Token?

score 1 · Accepted Answer · answered Jun 08 '22 at 11:09

I tried to reproduce the same in my environment using Client Credential:

In order to get UPN claim in access token, you need to add optional claim like below:

Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Token Configuration -> Add optional claims.

enter image description here

When I decoded the access token generated with client credentials grant type, UPN claim is not included.

enter image description here

Please note that, if you need UPN claim in the token, then you have to make use of Authorization code flow, ROPC flow, Implicit flow authentication flows to acquire token. Check this.

I generated access token via Authorization code flow like below:

enter image description here

When decoded the token, got UPN claim successfully:

enter image description here

Add Custom value in UPN claim in Access Token generated using Azure AD Client Credential Flow

1 Answers1

Linked