0
votes

I have a working ASP.NET Core ADB2C application, it uses custom policies, and configured to authenticate both local (ADB2C) and Google accounts.

I've recently noticed that the OID claim is missing from the token:

public Task OnTokenValidated(TokenValidatedContext context)
{
    _onTokenValidated?.Invoke(context);
    return Task.Run(async () =>
    {
        try
        {
            // Claims read straight from the validated token (no inbound claim mapping applied)
            var claims = context.SecurityToken.Claims;
            // ... rest of the handler not shown in the question
        }
        catch (Exception)
        {
            throw; // error handling not shown in the question
        }
    });
}


Question

The OID claim was definitely there when I used User Flows. Now I am using custom policies, based on GitHub's active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/

I know there is a lot of stuff with input and output claims, and transformations, but I am really a beginner in custom policies, so I can't diagnose what is missing...


1 Answer

1
votes

In that default custom policy, SignUpOrSignin.xml contains this:

<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>

That means the object id is in the "sub" claim. If you do want the oid claim as well, you can add it in addition, like this:

<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid"/>
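On the application side, the mapping above means the object id arrives as "sub" (and as "oid" only after the second OutputClaim is added). The following handler is an added example, not code from the question or the starter pack; it assumes the ASP.NET Core OpenIdConnect handler with its default inbound claim mapping, which renames "sub" to ClaimTypes.NameIdentifier on the principal, and it refuses the sign-in when no stable identifier is present:

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class B2CObjectId
{
    // Resolve the B2C object id regardless of which claim name the relying
    // party policy emitted it under. Order: "oid" (present only after adding
    // the extra OutputClaim), then "sub" (starter-pack default), then the
    // mapped NameIdentifier that the default inbound claim mapping produces
    // from "sub". Returns null when the token carries none of them.
    public static string? Resolve(ClaimsPrincipal principal)
    {
        return principal.FindFirst("oid")?.Value
            ?? principal.FindFirst("sub")?.Value
            ?? principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    }

    // Hook for OpenIdConnectEvents.OnTokenValidated (hypothetical wiring;
    // the real app registers it in its OpenIdConnectOptions.Events).
    public static Task OnTokenValidated(TokenValidatedContext context)
    {
        var objectId = Resolve(context.Principal ?? new ClaimsPrincipal());
        if (string.IsNullOrEmpty(objectId))
        {
            // A sign-in that cannot be tied to a directory object must not succeed;
            // Fail() makes the handler reject the token instead of issuing a cookie.
            context.Fail("Token contains neither an oid nor a sub claim.");
            return Task.CompletedTask;
        }

        // objectId is the stable per-user key; claims such as email or name
        // can change and should not be used to identify the account.
        return Task.CompletedTask;
    }
}
```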