1
votes

Scenario: We add fields to the user profile in our Azure AD to contain information on account type (e.g. Employee, Basic Customer, Premium Customer). Can these be returned using Azure AD's OpenConnect UserInfo endpoint?


2 Answers

1
votes

You can request fields from the user object in the Graph API after login. For example, in the AuthorizationCodeReceived callback of the OpenIdConnectAuthenticationNotifications, you can query the user object at that point for information that isn't already present in the JWT token.

If you are using Azure AD Connect to sync the local AD with Azure AD, you can map extra properties from the local AD to be extended properties in the Azure AD. And you can read those using the Azure AD Graph API as well.

1
votes

AFAIK, currently we can't extend the claims we can get from the OpenID Connect UserInfo endpoint in Azure AD. If possible, I would suggest you call the Microsoft Graph API instead; you can get the extension properties for the user object using Open Extensions or Schema Extensions. Please click here for more details.
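
The Graph lookup both answers describe, as an added example that is not part of either answer: it builds the Microsoft Graph request for one user and pulls the account type out of a schema extension, a synced directory extension, or an open extension, accepting only the values named in the question. The extension names, the `accountType` field and the sample responses are hypothetical and constructed for illustration.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Account types named in the question; anything else is rejected.
ALLOWED = {"Employee", "Basic Customer", "Premium Customer"}

# Hypothetical extension names (assumptions): use the ones in your tenant.
SCHEMA_EXT = "extabcd1234_accountInfo"   # schema extension id
OPEN_EXT = "com.example.accountInfo"     # open extension id
DIR_EXT = "extension_00000000000000000000000000000000_accountType"  # synced attr


def user_request_url(object_id):
    """Graph URL that selects the extension properties and expands open extensions."""
    select = ",".join(["id", SCHEMA_EXT, DIR_EXT])
    return (f"{GRAPH}/users/{quote(object_id, safe='')}"
            f"?$select={select}&$expand=extensions")


def account_type_from_user(user):
    """Return a validated account type from a Graph user dict, or None.

    Sources are checked in a fixed order (schema, directory, open extension).
    None means "unknown": the caller should grant no account-type privileges.
    """
    candidates = []
    schema = user.get(SCHEMA_EXT)
    if isinstance(schema, dict):
        candidates.append(schema.get("accountType"))
    candidates.append(user.get(DIR_EXT))
    for ext in user.get("extensions") or []:
        if isinstance(ext, dict) and ext.get("id") == OPEN_EXT:
            candidates.append(ext.get("accountType"))
    for value in candidates:
        if isinstance(value, str) and value in ALLOWED:
            return value
    return None


# Constructed sample responses (not real tenant data).
SAMPLE_SCHEMA = json.loads(
    '{"id": "u1", "extabcd1234_accountInfo": {"accountType": "Employee"}}')
SAMPLE_OPEN = json.loads(
    '{"id": "u2", "extensions": [{"id": "com.example.accountInfo",'
    ' "accountType": "Premium Customer"}]}')
SAMPLE_BAD = json.loads(
    '{"id": "u3", "extabcd1234_accountInfo": {"accountType": "Global Admin"}}')
```

Because these attributes are not in the token, the application decides what to trust: map the returned value to a claim only after the allowlist check, and treat `None` as the least-privileged case.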