How to get group/role claim in ID token from Azure B2C?
I followed these steps to get a custom claim in the ID token with the name 'extension_6de6a54XXXXX4560b9d65731ce869be4_Role'. But my expected output is a 'groups' claim or 'role' claim.
I tried customMappingPolicies to map this ID token claim 'extension_6de6a54XXXXX4560b9d65731ce869be4_Role' to the 'groups' claim. But following these documentation steps does not seem to affect the ID token issued by B2C.
When I found this answer that explains getting group membership using custom policies, I got stuck on the step of entering the details below for Microsoft Graph in the file TrustFrameworkExtensions.xml. I don't have answers to questions like:
- Should I enter a Microsoft Graph endpoint in ServiceUrl?
- How will the AccessToken be supplied?
- How will the JSON response be fetched and the output be passed in the token?
<TechnicalProfile Id="REST-RBAC">
  <DisplayName>Read and validate user's groups</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <!-- Demo: Change the service URL with your REST API location -->
    <Item Key="ServiceUrl">https://graph.microsoft.com/v1.0/users/{objectId}/getMemberGroups</Item>
    <!-- Demo: Change the AuthenticationType to basic or ClientCertificate.
         For more information, see: https://video2.skills-academy.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-cert -->
    <Item Key="AuthenticationType">Bearer</Item>
    <Item Key="SendClaimsIn">Url</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
    <!-- Demo: set the DefaultValue to empty string or comma delimiter list
         of security groups to validate -->
    <!-- <InputClaim ClaimTypeReferenceId="onlyMembersOf" DefaultValue="admins" /> -->
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="groups" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
NOTE: I don't want my application to handle an HTTPS request just for one piece of information that I can get in the token.
Thanks in advance.