MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

UserInfo endpoint does not output StringCollection claims correctly #75344

Closed dave22000 closed 1 year ago

dave22000 commented 3 years ago

I have implemented a UserInfo Endpoint for a RelyingParty in my B2C Tenant. The string claim outputs correctly, but the StringCollection claims are issued as System.Collections.Generic.List`1[System.String]

In the token, the claims are: { "sub": "585cbc8c-97e2-4656-8c51-ac3d240e0b67", "user_accounts": [ "{\"id\":\"123456789\",\"display_name\":\"David Lundine\"}" ] }

In the UserInfo response, the claims are: { "sub": "585cbc8c-97e2-4656-8c51-ac3d240e0b67", "user_accounts": "System.Collections.Generic.List`1[System.String]" }



JamesTran-MSFT commented 3 years ago

@dave22000 Thanks for your feedback! We will investigate and update as appropriate.

vipulsparsh commented 3 years ago

@dave22000 Let me know if this thread helps in your scenario : https://github.com/Azure-Samples/active-directory-b2c-advanced-policies/issues/46

dave22000 commented 3 years ago

@vipulsparsh thank you for the link and previous discussion - but that is a workaround using an external dependency which we would like to avoid. The UserInfo endpoint documentation does not specify that StringCollection claims are not supported, and having the claims issued correctly from the UserInfo endpoint is a requirement of our integration. Are there plans for Microsoft to resolve this?

vipulsparsh commented 3 years ago

@dave22000 Yes this is on plan and would be coming soon.

dave22000 commented 3 years ago

@vipulsparsh Thank you, please let me know when fixed. What does a rough timetable look like in case I will have to go with a workaround?

LarsKemmann commented 3 years ago

@vipulsparsh

> Yes this is on plan and would be coming soon.

I'm concerned that this was closed without actually providing a fix or a timetable on the fix. Please reopen this issue until it is actually resolved. This is impacting a very large client of ours and there should be visibility on open issues.

craigeaw commented 2 years ago

@JamesTran-MSFT This is still an issue and needs to be reopened. As of right now there is no way to serialize a string collection properly when implementing the userinfo endpoint.

craigeaw commented 2 years ago

@LarsKemmann or @dave22000 were you able to get this working somehow? I've tried building a JSON array string but it still outputs as a string like this in the JSON body: "groups": "[\"group1\","\group2\"]"

msmimart commented 2 years ago

Hi @James-Hamil-MSFT, as this issue is a product question and not currently documentation related, please re-triage or reassign for follow-up.

JamesTran-MSFT commented 1 year ago

@dave22000, @LarsKemmann, @craigeaw, Thank you all for following up on this and for your continued patience throughout this issue.

I reached out to our PG team, and this is a known issue. Unfortunately, we don't provide product release updates through our GitHub channels, but I'd recommend referring to our Azure Updates or Microsoft 365 Roadmap pages for this info.

As of right now, the only workaround would be to convert the string collection to a comma-delimited string, using claims transformation.

Additional Link: Serialize StringCollection claim in the cookie

Since our engineering team is aware of this, I'll go ahead and close out this issue. If you have any other questions or require technical assistance, I'd recommend leveraging our Q&A forums or creating a Support Request so our engineers can take a closer look into your issue.

Thank you all again for your time and patience throughout this. cc: @yoelhor

craigeaw commented 1 year ago

@JamesTran-MSFT converting to a comma-delimited string does not output a proper JSON array, so it's not a workaround when a JSON array is expected by the application. I understand that this isn't the best channel for updates, but there have been few B2C updates in the last year and there is nothing on that roadmap that mentions this. Is there a specific roadmap from the product team or an ETA when this will be fixed? This has been an issue for 1.5 years.

PaulKirwan commented 6 months ago

This is still an issue. Can someone provide an update on when this will be fixed? I'm struggling to understand how a simple serialisation bug hasn't been fixed in the number of years this has been known.
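
Added example (not code from this thread, from Microsoft, or from Azure AD B2C): a relying-party-side check that refuses to use a collection claim from the UserInfo response unless it can be recovered as a list of strings, covering the three shapes reported above (the .NET type name, a JSON array emitted as a string, and a comma-delimited string). The names `normalize_collection_claim` and `ClaimShapeError` are hypothetical, and the sample response is constructed from the one quoted in the issue.

```python
import json
import re

# Matches a .NET type name emitted in place of a value, e.g. the string
# reported in this issue: System.Collections.Generic.List`1[System.String]
DOTNET_TYPE_NAME = re.compile(r"^System\.[\w.]+`\d+\[[\w.,\s]+\]$")

# Constructed sample, modelled on the UserInfo response quoted in the issue.
USERINFO_BROKEN = {
    "sub": "585cbc8c-97e2-4656-8c51-ac3d240e0b67",
    "user_accounts": "System.Collections.Generic.List`1[System.String]",
}


class ClaimShapeError(ValueError):
    """Raised when a collection claim cannot be recovered safely."""


def normalize_collection_claim(claims, name, allow_comma_delimited=False):
    """Return claims[name] as a list of strings, or raise ClaimShapeError."""
    value = claims.get(name)
    if value is None:
        return []
    if isinstance(value, list):
        if all(isinstance(v, str) for v in value):
            return value
        raise ClaimShapeError(f"{name}: non-string element in array")
    if not isinstance(value, str):
        raise ClaimShapeError(f"{name}: unexpected type {type(value).__name__}")
    if DOTNET_TYPE_NAME.match(value):
        # The values are gone; there is nothing to parse. Fail closed.
        raise ClaimShapeError(f"{name}: serialized as a .NET type name")
    if value.lstrip().startswith("["):
        # A JSON array that was emitted as a string (double-encoded).
        try:
            parsed = json.loads(value)
        except json.JSONDecodeError as exc:
            raise ClaimShapeError(f"{name}: malformed JSON array string") from exc
        if isinstance(parsed, list) and all(isinstance(v, str) for v in parsed):
            return parsed
        raise ClaimShapeError(f"{name}: JSON string is not an array of strings")
    if allow_comma_delimited:
        # Only safe when no element can itself contain a comma.
        return [part.strip() for part in value.split(",") if part.strip()]
    raise ClaimShapeError(f"{name}: plain string where an array was expected")
```

The comma-delimited path is opt-in per claim because it is lossy: a `user_accounts` element like the JSON string in the original token contains commas and would be split into fragments.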