Since the ADFS 4.0 implicit flow doesn't return custom claims in the id_token, I tried getting them from the userinfo endpoint. To get an access token for the userinfo endpoint, one must use the resource urn:microsoft:userinfo. So to get an access token for resources and an ID token for the client, one must send two queries.
After that the userinfo endpoint responds with just
{
"sub": "fRwBBEb3bOu6Pt/xHsS0/Z5TKn24llZ3FGFMT+LP9QA="
}
Custom claims are always available in the access_token, and if I use response_mode=form_post when querying the token endpoint, then they are also in the id_token. Form post is not suitable for a SPA. Is userinfo supposed to return anything useful at all?
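As an added example (not code from the original post, and not Microsoft's), here is how a browser SPA would carry out the two-request flow described above and then compare what the access_token carries against what the userinfo endpoint returned. The ADFS host name and endpoint path, the client_id, redirect_uri, issuer value, custom claim names and the sample token are all constructed for illustration; the resource value urn:microsoft:userinfo and the single-claim userinfo response are the ones from the question.

```javascript
// Added example, not from the original post. Two implicit-flow authorize
// requests against ADFS 4.0 (one for an id_token, one for an access_token
// scoped to urn:microsoft:userinfo), then a comparison of the claims in the
// access_token with the claims the userinfo endpoint returns.
// Host, path, client_id, redirect_uri, issuer and claim names are assumed.
const ADFS = 'https://adfs.example.com/adfs';               // assumed host/path
const CLIENT_ID = '9b2f1c80-0000-4000-8000-000000000000';     // assumed client id
const REDIRECT_URI = 'https://spa.example.com/callback';     // assumed
const USERINFO_RESOURCE = 'urn:microsoft:userinfo';          // from the question

// ADFS issues an access_token for exactly one `resource`, so a SPA that wants
// both an id_token for itself and an access_token for userinfo sends two
// authorize requests. response_mode=fragment keeps the flow usable from a
// browser app; form_post would need a server to receive the POST.
function buildAuthorizeUrl({ responseType, resource, nonce, state }) {
  const u = new URL(`${ADFS}/oauth2/authorize`);
  const p = u.searchParams;
  p.set('client_id', CLIENT_ID);
  p.set('redirect_uri', REDIRECT_URI);
  p.set('response_type', responseType);
  p.set('response_mode', 'fragment');
  p.set('scope', 'openid');
  p.set('nonce', nonce);
  p.set('state', state);
  if (resource) p.set('resource', resource);
  return u.toString();
}
const idTokenRequest = (nonce, state) =>
  buildAuthorizeUrl({ responseType: 'id_token', nonce, state });
const userinfoTokenRequest = (nonce, state) =>
  buildAuthorizeUrl({ responseType: 'token', resource: USERINFO_RESOURCE, nonce, state });

// Parse the fragment ADFS redirects back with, e.g. "#access_token=...&state=...".
function parseFragment(fragment) {
  return Object.fromEntries(new URLSearchParams(fragment.replace(/^#/, '')));
}

// base64url helpers (unpadded), written out so the example runs on any Node version.
const b64urlEncode = (s) => Buffer.from(s, 'utf8').toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecode = (s) => Buffer.from(
  s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4),
  'base64').toString('utf8');

// Decode a JWT payload WITHOUT verifying the signature. That is fine for
// inspecting a token, but a SPA must not make authorization decisions on
// unverified claims, nor on claims in a token issued to a different audience
// (the access_token here is for userinfo, not for the client).
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(b64urlDecode(parts[1]));
}

// Claims present in the token payload that the userinfo response did not return.
const REGISTERED = new Set(['iss', 'aud', 'exp', 'iat', 'nbf', 'nonce', 'auth_time', 'appid', 'ver', 'jti']);
function claimsMissingFromUserinfo(tokenPayload, userinfoJson) {
  return Object.keys(tokenPayload)
    .filter((k) => !REGISTERED.has(k) && !(k in userinfoJson))
    .sort();
}

// --- Constructed sample data standing in for a real ADFS response ---
function sampleAccessToken() {
  const header = { typ: 'JWT', alg: 'RS256', x5t: 'constructed' };
  const payload = {
    iss: `${ADFS}/services/trust`, aud: USERINFO_RESOURCE, appid: CLIENT_ID,
    sub: 'fRwBBEb3bOu6Pt/xHsS0/Z5TKn24llZ3FGFMT+LP9QA=',
    upn: 'alice@example.com', email: 'alice@example.com', department: 'Finance', // assumed custom claims
    iat: 1500000000, exp: 1500003600,
  };
  // Signature is a placeholder; nothing here verifies it.
  return `${b64urlEncode(JSON.stringify(header))}.${b64urlEncode(JSON.stringify(payload))}.c2lnbmF0dXJl`;
}
const sampleUserinfo = { sub: 'fRwBBEb3bOu6Pt/xHsS0/Z5TKn24llZ3FGFMT+LP9QA=' };

// Walk the flow on the constructed data: the custom claims are in the
// access_token, while userinfo hands back only `sub`.
function demo() {
  const fragment = `#access_token=${sampleAccessToken()}&token_type=bearer&expires_in=3600&state=xyz`;
  const { access_token } = parseFragment(fragment);
  return claimsMissingFromUserinfo(decodeJwtPayload(access_token), sampleUserinfo);
}
console.log(demo()); // -> [ 'department', 'email', 'upn' ]
```

The comparison makes the question's point concrete: every non-registered claim in the userinfo-scoped access_token is absent from the userinfo body, so decoding the access_token client-side is the only place a SPA can see them in this flow, and it does so without signature verification and on a token whose audience is not the client.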
It could; e.g. the Azure AD endpoint returns a lot more, but that's the way the ADFS team has implemented this.
You could ask for more claims to be returned via UserVoice.
Apparently the ADFS 2016 userinfo endpoint does not return more than the subject claim, according to the ADFS FAQ:
The ADFS userinfo endpoint always returns the subject claim as specified in the OpenID standards. AD FS does not provide additional claims requested via the UserInfo endpoint. If you need additional claims in ID token, refer to Custom ID Tokens in AD FS.