4

I'm following this article to pass email and displayName as id_token_hint to my custom policy. Following is the technical profile I'm using to extract the data:

      <TechnicalProfiles>
        <TechnicalProfile Id="IdTokenHint_ExtractClaims">
          <DisplayName> My ID Token Hint TechnicalProfile</DisplayName>
          <Protocol Name="None" />
          <CryptographicKeys>
            <Key Id="client_secret" StorageReferenceId="B2C_1A_ClientAssertionSigningKey" />
          </CryptographicKeys>  
          <OutputClaims>
            <!--Sample: Read the email cliam from the id_token_hint-->
            <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="newUserEmail"/>
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="displayName"/>
          </OutputClaims>
        </TechnicalProfile>

Problem is, I'm only able to extract the email value. The displayName claim type not getting extracted. I checked the id_token_hint value in jwt.ms, value for both email and displayName is present there. How can i solve this?

Alex
  • 734
  • 6
  • 29

1 Answers1

6

You must also add the incoming claims as the input claims for the RelyingParty technical profile.

Example

<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <!-- The following claims are read from the ID token -->
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="newUserEmail" />
      <InputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="displayName" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      ...
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
Chris Padgett
  • 14,186
  • 1
  • 15
  • 28