When supplying null "source" in an optionalClaim, the manifest results in an empty string and not null #30

Open
dammitjanet opened this issue Jul 15, 2021 · 0 comments


If I create an Application via the Azure Portal, the manifest shows the source as null:

```json
	"optionalClaims": {
		"idToken": [
			{
				"name": "email",
				"source": null,
				"essential": false,
				"additionalProperties": []
			},
			{
				"name": "groups",
				"source": null,
				"essential": false,
				"additionalProperties": [
					"sam_account_name",
					"emit_as_roles"
				]
			}
		],
```

However, if I create an optionalClaim via PowerShell, the resulting optionalClaim source is an empty string and not null as provided.

```json
	"optionalClaims": {
		"idToken": [
			{
				"name": "email",
				"source": "",
				"essential": false,
				"additionalProperties": []
			},
			{
				"name": "groups",
				"source": "",
				"essential": false,
				"additionalProperties": [
					"sam_account_name",
					"emit_as_roles"
				]
			}
		],
```

The code to create the class instances in PowerShell is as follows. Each instance uses the built-in constructor, and the 2nd parameter is the source; each is supplied as $null.

```powershell
$groups_claim = [Microsoft.Open.AzureAD.Model.OptionalClaim]::new("groups", $null, $false, @("sam_account_name","emit_as_roles"))
$email_claim = [Microsoft.Open.AzureAD.Model.OptionalClaim]::new("email", $null, $false, @())
$username_claim = [Microsoft.Open.AzureAD.Model.OptionalClaim]::new("preferred_username", $null, $false,  @())

$idtoken_claims = [System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.OptionalClaim]]::new(2)
$idtoken_claims.Add($email_claim)
$idtoken_claims.Add($groups_claim)

$accessToken_claims = [System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.OptionalClaim]]::new(2)
$accessToken_claims.Add($username_claim)
$accessToken_claims.Add($groups_claim)

$optional_claims = [Microsoft.Open.AzureAD.Model.OptionalClaims]::new($idtoken_claims, $accessToken_claims)

Set-AzureADApplication -ObjectId $appObjectId -RequiredResourceAccess $requiredResourcesAccess -OptionalClaims $optional_claims
```
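
The check below is an added example, not part of the original issue or of the AzureAD module: it reads an application manifest exported as JSON and reports, per optional claim, whether `source` is null, an empty string, or set. The function name `Get-OptionalClaimSourceState` and the sample manifest are assumptions constructed for illustration.

```powershell
# Constructed sample: an empty-string source (as the issue reports after the
# PowerShell call) next to a portal-style null source.
$sampleManifest = @'
{
  "optionalClaims": {
    "idToken": [
      { "name": "email",  "source": "",   "essential": false, "additionalProperties": [] },
      { "name": "groups", "source": null, "essential": false,
        "additionalProperties": [ "sam_account_name", "emit_as_roles" ] }
    ],
    "accessToken": []
  }
}
'@

# Hypothetical helper: classify the "source" of every optional claim in a manifest.
function Get-OptionalClaimSourceState {
    param(
        [Parameter(Mandatory)]
        [string]$ManifestJson
    )

    # ConvertFrom-Json keeps JSON null as $null and "" as an empty string,
    # so the two cases can be told apart after parsing.
    $manifest = $ManifestJson | ConvertFrom-Json
    if ($null -eq $manifest.optionalClaims) { return }

    # Walk every token type present under optionalClaims (idToken, accessToken, ...).
    foreach ($tokenType in $manifest.optionalClaims.PSObject.Properties) {
        foreach ($claim in @($tokenType.Value)) {
            if ($null -eq $claim) { continue }

            $state = 'set'
            if ($null -eq $claim.source) {
                $state = 'null'
            } elseif ($claim.source -is [string] -and $claim.source.Length -eq 0) {
                $state = 'empty-string'
            }

            [pscustomobject]@{
                TokenType   = $tokenType.Name
                Claim       = $claim.name
                SourceState = $state
            }
        }
    }
}

# List only the claims whose source was written as "" instead of null.
Get-OptionalClaimSourceState -ManifestJson $sampleManifest |
    Where-Object SourceState -eq 'empty-string'
```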