Get Upn And Email Address From Msal 2.0 Tokens
When switching from adal to the msal 2.0 browser library, I'm missing the UPN of the user in the idToken response, which leads to a principal that doesn't have a name in principal.
Solution 1:
Turns out msal supports 2 ways to get additional claims
- Via AD manifest settings
- When requesting a token as below
by adding additional scopes
const loginRequest = {
scopes: ['User.Read', 'email']
};
and when validating a token different claims can be used to get the principal's identity by setting TokenValidationParameters.NameClaimType
Post a Comment for "Get Upn And Email Address From Msal 2.0 Tokens"