unable to get given_name and family_name from azure v2 token endpoint

Question

In the manifest of my application registration I've configured to retrieve the given_name and family_name claims (through the UI, the resulting manifest looks like this):

        "idToken": [
            {
                "name": "family_name",
                "source": "user",
                "essential": false,
                "additionalProperties": []
            },
            {
                "name": "given_name",
                "source": "user",
                "essential": false,
                "additionalProperties": []
            }
        ],

During the redirect I add the profile scope along with the given_name and family_name scopes, which results in the following error.

Message contains error: 'invalid_client', error_description: 'AADSTS650053: The application 'REDACTED' asked for scope 'given_name' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

Any ideas? As I understand that is what is required to configure these optional claims on the v2.0 endpoint as described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#v20-specific-optional-claims-set

Raghavendra beldona Raghavendra beldona · Accepted Answer · 2020-05-18T18:42:10

Once you configure optional claims for your application through the UI or application manifest. you need to provide profile Delegated permissions for the application.

unable to get given_name and family_name from azure v2 token endpoint

2 Answers