0
votes

I am using Identity Server 4 with the following scopes; however, I am unable to access the email claim.

    .AddOpenIdConnect("AzureB2C", "External Users AD_B2C",
        options =>
        {
            // Hand the external sign-in result to IdentityServer's external cookie.
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.Authority = appConfig.AzureB2C.Authority;
            options.ClientId = appConfig.AzureB2C.ClientId;
            options.ClientSecret = appConfig.AzureB2C.Secret;
            // Authorization code flow.
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.Scope.Add("openid");
            options.Scope.Add("email");
            options.Scope.Add("profile");
        });

The openid-configuration does mention emails as supported, but I cannot get this claim either.

    "claims_supported": [ "name", "emails", "given_name", "idp", "family_name", "oid", "sub", "idp_access_token", "tfp", "iss", "iat", "exp", "aud", "acr", "nonce", "auth_time" ]


1 Answer

0
votes

First, you need to add claims. This link shows you how to get the email in claims after successfully signing in to Azure AD B2C.

Note about email claim:

If the user authenticates with a social identity provider, the email address is stored in the otherMails property. If a local account is based on a user name, then the email address is stored in a strong authentication detail property. If a local account is based on an email address, then the email address is stored in the signInNames property.

Only the otherMails and signInNames properties are exposed through the Microsoft Graph API. The email address in the strong authentication detail property is not available.


If you want to get emails in the id_token claims, Email Addresses must be selected in the portal (navigate to the user flow -> Application claims). You can run the user flow to test it.
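Added example, not part of the original question or answer: a sketch of reading the address from the external principal once the claim is enabled. The metadata quoted in the question lists the claim as `emails`, not `email`, so the lookup tries that name first. The `ExternalEmail` class, its `Resolve` method and the sample principals are hypothetical names and constructed data.

```csharp
using System;
using System.Net.Mail;
using System.Security.Claims;

// Hypothetical helper (not IdentityServer4 or Azure AD B2C code).
public static class ExternalEmail
{
    // Claim types to try, in order. "emails" is the name listed in the
    // claims_supported metadata quoted in the question; the rest are fallbacks.
    private static readonly string[] CandidateTypes = { "emails", "email", ClaimTypes.Email };

    // Returns the first syntactically valid address, or null when the external
    // identity carries none (for example, the claim is not selected in the user flow).
    public static string? Resolve(ClaimsPrincipal externalUser)
    {
        foreach (var type in CandidateTypes)
        {
            // A JSON array in the id_token surfaces as one Claim per element,
            // so iterate over every claim of this type rather than taking one.
            foreach (var claim in externalUser.FindAll(type))
            {
                if (MailAddress.TryCreate(claim.Value, out var parsed))
                    return parsed.Address;
            }
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample: claims as they might look after a B2C sign-in
        // with Email Addresses selected under Application claims.
        var withEmails = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("sub", "constructed-subject-id"),
            new Claim("emails", "alice@example.com"),
        }, "AzureB2C"));

        // Constructed sample: the same sign-in without the claim selected.
        var withoutEmails = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("sub", "constructed-subject-id"),
        }, "AzureB2C"));

        Console.WriteLine(Resolve(withEmails) ?? "<no email claim>");
        Console.WriteLine(Resolve(withoutEmails) ?? "<no email claim>");
    }
}
```

In an IdentityServer4 host, the principal passed to `Resolve` would be the one obtained by authenticating against the external cookie scheme that `SignInScheme` points at in the question's configuration.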