Skip to content Skip to sidebar Skip to footer
Home / Active Directory / Adal / C# / Javascript / Msal

Get Upn And Email Address From Msal 2.0 Tokens

Post a Comment
When switching from adal to the msal 2.0 browser library, I'm missing the UPN of the user in the idToken response, which leads to a principal that doesn't have a name in principal.

Solution 1:

Turns out msal supports 2 ways to get additional claims

  1. Via AD manifest settings
  2. When requesting a token as below

by adding additional scopes

const loginRequest = {
    scopes: ['User.Read', 'email']
};

and when validating a token different claims can be used to get the principal's identity by setting TokenValidationParameters.NameClaimType

Post a Comment for "Get Upn And Email Address From Msal 2.0 Tokens"