Resolving Custom Claims Issues in Azure AD B2C: A Guide to Authorization Code Flow vs. Implicit Flow
Discover why custom claims are missing in the authorization code flow in Azure AD B2C and how to resolve the issue effectively.
---
This video is based on the question https://stackoverflow.com/q/69649578/ asked by the user 'Jakub Bochenski' ( https://stackoverflow.com/u/1237617/ ) and on the answer https://stackoverflow.com/a/69710861/ provided by the user 'Jakub Bochenski' ( https://stackoverflow.com/u/1237617/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.
Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Custom claims included in implicit flow, but not included in PKCE flow
Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/licensing
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license.
If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
Understanding Custom Claims in Azure AD B2C
When working with Azure Active Directory B2C, you may encounter issues where custom claims are included in the implicit flow but not in the authorization code flow. This discrepancy can lead to confusion and unexpected behaviors in your applications. In this guide, we'll explore the reasons behind this issue and how to rectify it, ensuring that your custom claims configurations work correctly across different flows.
The Problem: Missing Custom Claims
A user recently reported an issue where certain custom claims — specifically organization and displayName — were missing from both the id and auth tokens when using the authorization code flow (response_type=code). However, when the implicit grant flow (response_type=id_token) was used, these claims appeared as expected. Let's delve into the details of the issue:
Authorization Code Flow: Claims are missing.
Implicit Grant Flow: Claims are present.
This inconsistency prompted the user to investigate their token configuration settings.
Token Configuration Review
From the user's provided configuration, the relevant portions show how the user journeys and relying party definitions have been set up. Here’s a simplified view of the configuration they included:
[[See Video to Reveal this Text or Code Snippet]]
The Solution: Setting the Correct Protocol
Upon investigation, the user discovered that the issue was due to an incorrect protocol definition in their configuration. The relevant portion of the Technical Profile was previously set as follows:
[[See Video to Reveal this Text or Code Snippet]]
To fix the issue, the Name attribute of the <Protocol> element should be set to OpenIdConnect instead of None. Here’s the corrected version:
[[See Video to Reveal this Text or Code Snippet]]
With this change, the custom claims like organization and displayName should now be included in the tokens generated during the authorization code flow.
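An added example, not taken from the original question or answer: a Python check that lists the TechnicalProfiles in a custom policy whose Protocol Name is None, reads the claims the RelyingParty profile is configured to emit, and reports which of them are absent from a token. The sample policy and its profile Ids are constructed, and the token payload is decoded without signature verification, for diagnosis only.

```python
import base64
import json
import xml.etree.ElementTree as ET

# XML namespace of Azure AD B2C custom policy (TrustFrameworkPolicy) files.
NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample policy; the profile Ids are hypothetical.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="ExampleTokenIssuer"><Protocol Name="None" /></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
  <RelyingParty>
    <TechnicalProfile Id="PolicyProfile">
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="organization" />
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      </OutputClaims>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>"""

def profiles_with_protocol_none(policy_xml):
    """Ids of TechnicalProfiles whose <Protocol Name> is "None"."""
    root = ET.fromstring(policy_xml)
    flagged = []
    for tp in root.iterfind(".//p:TechnicalProfile", NS):
        proto = tp.find("p:Protocol", NS)
        if proto is not None and proto.get("Name") == "None":
            flagged.append(tp.get("Id"))
    return flagged

def expected_token_claims(policy_xml):
    """Claim names the RelyingParty profile is configured to emit."""
    root = ET.fromstring(policy_xml)
    path = "p:RelyingParty/p:TechnicalProfile/p:OutputClaims/p:OutputClaim"
    # PartnerClaimType, when present, is the name that appears in the token.
    return [c.get("PartnerClaimType") or c.get("ClaimTypeReferenceId")
            for c in root.iterfind(path, NS)]

def missing_claims(jwt, expected):
    """Expected claims absent from a token payload (no signature check)."""
    payload_b64 = jwt.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return [name for name in expected if name not in payload]

if __name__ == "__main__":
    print(profiles_with_protocol_none(SAMPLE_POLICY))
```

Run missing_claims on the ID token returned by each flow to confirm that both carry the same custom claims after the change.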
Understanding the Implicit Flow Behavior
One might wonder why the implicit flow worked correctly despite the protocol being set to None. This occurs because the implicit flow is less strict regarding the protocol requirements and might still function adequately without explicit definitions. However, relying on this behavior can lead to unexpected bugs in the future, especially as standards evolve or if the implementation changes.
Conclusion
In summary, if you're experiencing issues with missing custom claims in the authorization code flow while using Azure AD B2C, ensure that your protocol settings are correct. Switching the protocol from None to OpenIdConnect in the Technical Profile can resolve the issue and allow your custom claims to flow seamlessly as intended. Always double-check your configurations when setting up custom claims to prevent potential pitfalls.
By addressing these common configuration mistakes, you can ensure a smoother authentication experience for your users and better functioning applications.
Video information
May 26, 2025, 5:52:51
00:01:57