0
votes

I have (what I hope) is a fairly straightforward question:

I'm using the AzureAD (brand new to it) Client Credentials flow. I want to add the (displayName or ApplicationID URI) as a claim in the access_token as I want the human readable client_id for logging.


This started because the subject (sub) is the uuid of the client and is immutable (best I can tell). Sure, no worries, so instead I just want to add another claim to the access_token of the displayName or the Application ID URI of the client. I want to use this for logging purposes. I have clicked through most of the AzureAD docs, stackoverflow, google, etc, but it appears my question is too specific so I can't find it.

I looked through the optional claims, but these seem focused on the user's info (I have no users, this is all service to service). https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

Am I overlooking something obvious here?

Thanks!


Here are the claims in the token; I have redacted the claims as much as possible.

{
  "header": {
    "alg": "RS256",
    "kid": "nOo3ZDrODXEK1jKWhXslHR_KXEg",
    "typ": "JWT",
    "x5t": "nOo3ZDrODXEK1jKWhXslHR_KXEg"
  },
  "payload": {
    "aud": "test-audience",
    "iss": "https://sts.windows.net/00000002-0000-0000-c000-000000000000/",
    "iat": 1614866520,
    "nbf": 1614866520,
    "exp": 1614870420,
    "aio": "<snip>",
    "appid": "6644659a-0000-0000-c000-000000000000",
    "appidacr": "1",
    "idp": "https://sts.windows.net/00000002-0000-0000-c000-000000000000/",
    "oid": "<snip>",
    "rh": "0.AAAA<snip>",
    "roles": [
      "test-role"
    ],
    "sub": "01b32d39-0000-0000-c000-000000000000",
    "tid": "00000002-0000-0000-c000-000000000000",
    "uti": "<snip>",
    "ver": "1.0"
  }
}
1

1 Answers

0
votes

The displayName claim is included in the access token by default.

It is app_displayname. And there is another claim named appid, which is the client_id of the app registration, in the access token by default.

This document has shown the appid claim.

Although it doesn't mention app_displayname claim, you can decode your access token in https://jwt.io to find it.

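As an added illustration of the answer above (example code written for this page, not code from the question or the answer), the following Python builds a constructed v1.0-style token with the same claim names as the one in the question, decodes the payload the way jwt.io does, and then derives a log-friendly caller label from app_displayname with appid as the fallback. The claim values, the app display name "billing-worker" and the placeholder signature are all constructed for the example. The label keeps the client id next to the display name because application display names can be renamed and are not guaranteed unique, whereas appid is stable; the v2.0 fallback to the azp claim is included because v2.0 access tokens carry the client id under that name instead of appid.

```python
import base64
import json

# Constructed sample token for this example (not a real Azure AD token): the
# signature segment is a placeholder, so this token would fail verification.
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "example-kid"}
SAMPLE_PAYLOAD = {
    "aud": "test-audience",
    "iss": "https://sts.windows.net/00000002-0000-0000-c000-000000000000/",
    "appid": "6644659a-0000-0000-c000-000000000000",
    "app_displayname": "billing-worker",  # constructed display name
    "sub": "01b32d39-0000-0000-c000-000000000000",
    "roles": ["test-role"],
    "ver": "1.0",
}


def _b64url_encode(data: bytes) -> str:
    # JWT segments use unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT segments drop before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_sample_token() -> str:
    """Assemble header.payload.signature for the constructed sample."""
    segments = [
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (SAMPLE_HEADER, SAMPLE_PAYLOAD)
    ]
    return ".".join(segments + ["placeholder-signature"])


def inspect_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature, which is
    what jwt.io does. Use this only to look at which claims are present;
    claims used for authorization or logging must come from a token that
    the API's middleware has already signature- and audience-validated."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[1]))


def caller_label(claims: dict) -> str:
    """Human-readable caller identity for log lines.

    Prefers app_displayname and always appends the client id (appid in v1.0
    tokens, azp in v2.0 tokens) because display names can be renamed and are
    not guaranteed unique. The opaque sub claim is deliberately not used."""
    client_id = claims.get("appid") or claims.get("azp") or "unknown-client"
    name = claims.get("app_displayname")
    if name:
        return f"{name} (client_id={client_id})"
    return f"client_id={client_id}"


if __name__ == "__main__":
    token = build_sample_token()
    print(caller_label(inspect_claims(token)))
```

In a real service, call caller_label on the claims object your JWT validation middleware hands you after verification, not on the output of inspect_claims; the decoder exists here only to show where the app_displayname and appid claims sit in the token.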