
Get Upn And Email Address From Msal 2.0 Tokens

When switching from adal to the msal 2.0 browser library, I'm missing the UPN of the user in the idToken response, which leads to a principal that doesn't have a name in principal.

Solution 1:

Turns out msal supports 2 ways to get additional claims

  1. Via AD manifest settings
  2. When requesting a token as below

by adding additional scopes:

const loginRequest = {
    scopes: ['User.Read', 'email']
};

When validating a token, different claims can be used to get the principal's identity by setting TokenValidationParameters.NameClaimType.
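
To check which identity claims an ID token actually carries before choosing a NameClaimType, the claims can be inspected client-side. This is an added example, not code from the original answer: the fallback order, the helper names and the sample tokens are assumptions, and `upn`, `preferred_username` and `email` are the Azure AD ID-token claim names. msal-browser also exposes the decoded claims as `idTokenClaims` on the login result, which can be passed straight to `resolveNameClaim`.

```javascript
// Decode one base64url JWT segment to a UTF-8 string.
function base64UrlDecode(segment) {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), c => c.charCodeAt(0));
    return new TextDecoder().decode(bytes);
}

// Read the payload of a compact JWT. No signature check is done here:
// the result is for display and debugging, the API validates the token.
function decodeIdTokenClaims(idToken) {
    const parts = idToken.split('.');
    if (parts.length !== 3) {
        throw new Error('not a compact JWT (expected 3 segments)');
    }
    return JSON.parse(base64UrlDecode(parts[1]));
}

// Assumed preference order; the server side would set NameClaimType
// to whichever of these the tokens really contain.
const NAME_CLAIM_ORDER = ['upn', 'preferred_username', 'email'];

// Return the first non-empty name claim, or null when the principal
// would end up without a name.
function resolveNameClaim(claims, order = NAME_CLAIM_ORDER) {
    for (const type of order) {
        const value = claims[type];
        if (typeof value === 'string' && value.trim() !== '') {
            return { type, value };
        }
    }
    return null;
}

// Constructed, unsigned sample tokens (not real Azure AD output).
function makeSampleToken(claims) {
    const enc = obj => btoa(JSON.stringify(obj))
        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}
const tokenWithoutNameClaims = makeSampleToken({ sub: 'abc123' });
const tokenWithEmail = makeSampleToken({ sub: 'abc123', email: 'alice@example.com' });

console.log(resolveNameClaim(decodeIdTokenClaims(tokenWithoutNameClaims)));
console.log(resolveNameClaim(decodeIdTokenClaims(tokenWithEmail)));
```

A `null` result means none of the candidate claims is in the token, so either the scopes or the manifest's optional claims need changing before NameClaimType can pick one up.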
