 

Azure AD B2C: How to reference built in claims in custom policies?

Tags:

azure-ad-b2c

I am writing a custom policy for AAD B2C and need to include some built-in claims (country/region, postalcode, city, address).

I've used the starter pack and noticed that even claims like e-mail are declared in the schema on the TrustFrameworkBase ClaimsSchema element, like the sample below; some of them reference a DefaultPartnerClaimTypes element by protocol:

<ClaimsSchema>
...
      <ClaimType Id="displayName">
        <DisplayName>Display Name</DisplayName>
        <DataType>string</DataType>
        <DefaultPartnerClaimTypes>
          <Protocol Name="OAuth2" PartnerClaimType="unique_name" />
          <Protocol Name="OpenIdConnect" PartnerClaimType="name" />
          <Protocol Name="SAML2" PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />
        </DefaultPartnerClaimTypes>
        <UserHelpText>Your display name.</UserHelpText>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>
...
      <ClaimType Id="email">
        <DisplayName>Email Address</DisplayName>
        <DataType>string</DataType>
        <DefaultPartnerClaimTypes>
          <Protocol Name="OpenIdConnect" PartnerClaimType="email" />
        </DefaultPartnerClaimTypes>
        <Restriction>
          <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
        </Restriction>
      </ClaimType>
...
</ClaimsSchema>

These are text-typed claims, and the e-mail claim for instance has a regex restriction to validate the email address. My question is regarding a country/region claim, for example, which in the built-in claim is enumeration-restricted and presented as a dropdown. Is it possible to reference it from my custom policy without defining all elements and rules? Simply reference the built-in ClaimType?

Thank you

Alex Nobre asked Nov 28 '25 07:11


1 Answer

The country claim is mapped to the country property of the user object. The country property of a user object can contain any string value.

So it's up to the policy developer to determine if the country claim should be limited to a well-known list of values or not.

If so, then you must add the <Restriction /> element to the claim type.

Chris Padgett answered Dec 01 '25 22:12
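A concrete `<ClaimType>` for a country claim limited to a fixed list and rendered as a dropdown, as an added example that is not part of the answer or of the starter pack; the country codes and the OpenIdConnect partner claim name are assumptions:

```xml
<!-- Added example: a country claim restricted to a well-known list.
     Declared inside <BuildingBlocks><ClaimsSchema> of the extension policy.
     The ISO codes below are constructed sample values, not a complete list. -->
<ClaimType Id="country">
  <DisplayName>Country/Region</DisplayName>
  <DataType>string</DataType>
  <DefaultPartnerClaimTypes>
    <!-- Assumed partner claim name; use whatever the relying party expects. -->
    <Protocol Name="OpenIdConnect" PartnerClaimType="country" />
  </DefaultPartnerClaimTypes>
  <UserHelpText>Select your country or region.</UserHelpText>
  <!-- Render as a single-select dropdown instead of a free-text box. -->
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <!-- Only these choices are offered: Value is what is stored in the
         country property, Text is what the user sees in the dropdown. -->
    <Enumeration Text="Brazil" Value="BR" SelectByDefault="false" />
    <Enumeration Text="Germany" Value="DE" SelectByDefault="false" />
    <Enumeration Text="United States" Value="US" SelectByDefault="false" />
  </Restriction>
</ClaimType>
```

For the value to be collected and stored, the claim still has to be listed as an OutputClaim on the self-asserted sign-up technical profile and as a PersistedClaim on the technical profile that writes the user object.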