How to map OutputClaims with JSON keys containing a dot (.) with Azure AD B2C Custom Policy

I need to develop a RESTful technical profile that is able to pass a JSON response such as:

{
   "somekey.withadot": "Some value"
}

My technical profile is as follows:

<TechnicalProfile Id="SomeId">
  <DisplayName>Some displayname</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="SendClaimsIn">Url</Item>
    <Item Key="ServiceUrl">https://someurl.com</Item>
    <Item Key="AuthenticationType">Bearer</Item>
    <Item Key="UseClaimAsBearerToken">identityProviderAccessToken</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="identityProviderAccessToken" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="somekey" PartnerClaimType="somekey.withadot" />
  </OutputClaims>
</TechnicalProfile>

However, Azure AD B2C tries parsing the JSON as a nested body due to their dot notation. Has anybody come up with a solution to this?



Solution 1:[1]

Update: I have been in contact with Azure. The engineers from the engineering team who have been investigating it did some additional testing and the conclusion was: if the JSON parameter name contains a dot (example: somekey.withadot) then the claim cannot be passed regardless of whether ResolveJsonPathsInJsonTokens is set to true or false. The expectation is that the JSON property name does not contain a dot.

The team does not consider this a bug because the JSON property is not expected to contain a dot, but the team will submit this as a feature and also update the public document on ResolveJsonPathsInJsonTokens.

Update: It has been added as a feature request: https://feedback.azure.com/d365community/idea/23e6ae2b-4fdb-ec11-a81b-0022484ee92d
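
Added example, not part of the original answer and not Microsoft's code: since Solution 1 reports that the property name is expected to contain no dot, one option is to rename dotted keys in the REST response before Azure AD B2C receives it. The shim, the function names and the `_` separator are assumptions; `path_lookup` only illustrates dot-as-path resolution and is not B2C's implementation.

```python
import json


def path_lookup(doc, path):
    """Illustrative dot-path lookup: every '.' descends one nesting level."""
    node = doc
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def rename_dotted_keys(doc, sep="_"):
    """Return a copy of doc with '.' in every property name replaced by sep.

    Raises ValueError when a renamed key would collide with another key,
    so one claim value can never silently overwrite another.
    """
    if isinstance(doc, list):
        return [rename_dotted_keys(item, sep) for item in doc]
    if not isinstance(doc, dict):
        return doc
    out = {}
    for key, value in doc.items():
        new_key = key.replace(".", sep)
        if new_key in out:
            raise ValueError(f"key collision after rename: {new_key!r}")
        out[new_key] = rename_dotted_keys(value, sep)
    return out


# Constructed sample: the response body shown in the question.
UPSTREAM = json.loads('{"somekey.withadot": "Some value"}')


def build_b2c_response(upstream):
    """Body the (hypothetical) shim returns to the RESTful technical profile."""
    return json.dumps(rename_dotted_keys(upstream))


if __name__ == "__main__":
    # The flat dotted key is not found when the name is read as a path.
    print(path_lookup(UPSTREAM, "somekey.withadot"))
    print(build_b2c_response(UPSTREAM))
```

With the key renamed this way, the OutputClaim from the question would use PartnerClaimType="somekey_withadot".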

Solution 2:[2]

Set the ResolveJsonPathsInJsonTokens metadata item to false.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/restful-technical-profile#metadata

| Key | Required | Description |
| --- | --- | --- |
| ResolveJsonPathsInJsonTokens | No | Indicates whether the technical profile resolves JSON paths. Possible values: true, or false (default). Use this metadata to read data from a nested JSON element. In an OutputClaim, set the PartnerClaimType to the JSON path element you want to output. For example: firstName.localized, or data[0].to[0].email. |

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 Jas Suri - MSFT