I'm using Microsoft Azure Entra ID to authenticate my background application against my API using the client credentials flow.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.Identity.Client;

var clientId = "GUID1";                                    // application (client) ID of the app registration
var authority = "https://login.microsoftonline.com/GUID2"; // tenant ID
var secret = "VerySecret";                                 // client secret (load from configuration/Key Vault in real code)
var scope = new[] { "api://GUID3/.default" };              // application ID URI of the API being called

var app = ConfidentialClientApplicationBuilder.Create(clientId)
    .WithAuthority(authority)
    .WithClientSecret(secret)
    .Build();

// Client credentials flow: no user involved, only the application identity.
var authResult = await app.AcquireTokenForClient(scope).ExecuteAsync();

// Decode the access token (no validation here) just to inspect its claims.
var token = new JwtSecurityTokenHandler().ReadJwtToken(authResult.AccessToken);
new ClaimsIdentity(token.Claims).Dump(); // Dump() is the LINQPad extension
The authentication process is working just fine.
However, I want to get the application's name from the token, but it does not have a name claim; only appid and oid are present, which are the IDs of the application registration and the managed Enterprise application.
I tried adding the upn claim as an optional claim, but since upn is the user principal name and we do not have a user here, it does not get added to the token.
"optionalClaims": {
    "idToken": [
        {
            "name": "upn",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "accessToken": [
        {
            "name": "upn",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "saml2Token": []
},
I also tried adding name as an optional claim, but was unable to save the manifest.
What is needed to add the name of the application to the token?
As far as I know, we can't add custom claims to an Azure AD access token. If it proves impossible in the end, we could use the Graph API to get the application name.
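The Graph lookup the answer suggests, as an added example that is not part of the question or the answer. It is written in Python with only the standard library (the logic is the same in the C# of the question): read the caller's application ID from the already-validated access token (appid in v1.0 tokens, azp in v2.0 tokens), then ask Graph for the service principal (the Enterprise application) with that appId and take its displayName. Assumptions: the token has already passed the API's normal validation (signature, issuer, audience, expiry) before its claims are read; the Graph call uses a separate app-only Graph token whose app has a permission such as Application.Read.All, not the token the caller presented; the sample JWT, the GUIDs and the fake Graph response are constructed here so the code runs offline, and the http_get parameter exists only so that fake can be injected.

```python
import base64
import json
import urllib.parse
import urllib.request
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def token_payload(access_token: str) -> dict:
    """Decode the JWT payload only; no signature check happens here.
    Call it only on a token the API's JWT middleware has already validated
    (signature, iss, aud, exp); otherwise every claim is attacker-controlled."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def caller_app_id(claims: dict) -> str:
    """v1.0 access tokens name the calling app in 'appid', v2.0 tokens in 'azp'.
    The value is about to be placed in an OData filter, so insist it is a GUID."""
    raw = claims.get("appid") or claims.get("azp")
    if not raw:
        raise ValueError("token carries no appid/azp claim")
    try:
        return str(uuid.UUID(raw))  # normalised, lower-case GUID
    except ValueError:
        raise ValueError("appid/azp is not a GUID") from None


def service_principal_url(app_id: str) -> str:
    """Graph query for the Enterprise application (service principal) whose appId
    equals the caller's application ID."""
    flt = urllib.parse.quote(f"appId eq '{app_id}'")
    return f"{GRAPH}/servicePrincipals?$filter={flt}&$select=id,appId,displayName"


def _graph_get(url: str, graph_token: str) -> dict:
    """Real HTTP call. graph_token must be an app-only token issued for Graph
    (e.g. with Application.Read.All), not the token the caller sent to our API."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {graph_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def resolve_app_name(access_token: str, graph_token: str, http_get=_graph_get, cache=None) -> str:
    """Map the validated token's appid/azp to the service principal's displayName.
    An optional dict cache avoids one Graph round trip per request."""
    app_id = caller_app_id(token_payload(access_token))
    if cache is not None and app_id in cache:
        return cache[app_id]
    body = http_get(service_principal_url(app_id), graph_token)
    hits = [sp for sp in body.get("value", []) if sp.get("appId", "").lower() == app_id]
    if len(hits) != 1:
        raise LookupError(f"expected one service principal for {app_id}, got {len(hits)}")
    name = hits[0]["displayName"]
    if cache is not None:
        cache[app_id] = name
    return name


# --- Constructed sample data (not a real token or tenant) ---------------------
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Unsigned JWT with the claim shape the question describes: appid and oid, no name.
SAMPLE_TOKEN = ".".join([
    _b64url({"typ": "JWT", "alg": "none"}),
    _b64url({"aud": "api://GUID3", "appid": SAMPLE_APP_ID,
             "oid": "66666666-7777-8888-9999-aaaaaaaaaaaa", "roles": []}),
    "",
])


def fake_graph_get(url: str, graph_token: str) -> dict:
    """Stands in for Graph: returns the service principal for SAMPLE_APP_ID."""
    assert url == service_principal_url(SAMPLE_APP_ID)
    return {"value": [{"id": "sp-object-id", "appId": SAMPLE_APP_ID,
                       "displayName": "Nightly Importer"}]}


if __name__ == "__main__":
    print(resolve_app_name(SAMPLE_TOKEN, "fake-graph-token", http_get=fake_graph_get))
```

Two points worth keeping when adapting this: the decode step trusts the claims only because validation has already happened upstream (token_payload does no verification), and the GUID check on appid/azp is what keeps a claim value out of the OData filter string; with a forged or mis-validated token, anything else in that filter would be attacker-chosen.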