Azure Active Directory: how to get user's object id via auth code flow (MSAL)?

I have developed a web application (Python/Django) for my client and he wants me to add SSO via the Azure Active Directory that he set up. Also I need to fetch user profile information (email, UPN) and update it when it changes in AD.

I managed to get SSO working using MSAL with the auth code flow and am able to send requests to the Graph API on behalf of the user to get profile information (/me).

To get profile updates I created a subscription (webhook) to the /users resource using the app identity (client credentials grant flow).

The problem is that I can't understand how to correlate the users I get from subscriptions with the users I get from the auth code flow via MSAL. Notifications from subscriptions give me ids I can find on the Azure portal (GUIDs), but profile information requests on behalf of the user don't give me the same ids. There are ids, but these ids are different (something like c66b9ba73bcba166).



Solution 1:[1]

As juunas mentioned, the object id is typically oid or sub.

Example using jwt.ms to examine the ID token:


Also, if your app needs to distinguish between app-only access tokens and access tokens for users, you can use the idtyp optional claim.
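The following is an added example illustrating the answer above; it is not code from the answerer or from MSAL. It decodes a token payload the way jwt.ms does (without signature verification, so it is for inspection only; authorization decisions should use MSAL's validated `result["id_token_claims"]`), keys a local user record on `tid` + `oid` (the `oid` GUID is the directory object id that the portal and Graph change notifications show, while `sub` is pairwise per application and a UPN can be renamed), reads the `idtyp` optional claim to tell app-only from delegated tokens, and joins Graph change notifications back to those keys. The GUIDs, the `sub` value and the shape assumed for the notification body (`tenantId` plus `resourceData.id`) are constructed for the example.

```python
import base64
import json

# Constructed sample identifiers; these GUIDs are made up for the example.
SAMPLE_TID = "1b7b2a5e-4d3c-4f0e-9a1b-6c5d4e3f2a10"
SAMPLE_OID = "3f2c3c0e-9a77-4e3e-8f61-4b8f1b2a5c11"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_unsigned_jwt(claims: dict) -> str:
    """Produce a compact JWT with alg=none and an empty signature.
    Only used to fabricate sample tokens offline; never accept such a token."""
    header = {"alg": "none", "typ": "JWT"}
    enc = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(claims)}."


def peek_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature (what jwt.ms does).
    Use for inspection/logging only; for authorization rely on MSAL's validated
    result['id_token_claims'] or a JWKS-validating library."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url_decode(parts[1]))


def stable_user_key(id_token_claims: dict) -> str:
    """Key a local user record by tenant id + object id.
    'oid' is the directory object's GUID, the same value the portal and Graph
    change notifications carry; 'sub' is pairwise per application and
    'preferred_username'/UPN can be renamed, so neither is a join key."""
    oid = id_token_claims.get("oid")
    tid = id_token_claims.get("tid")
    if not oid or not tid:
        raise ValueError("token carries no oid/tid; cannot map it to a directory object")
    return f"{tid}:{oid}"


def token_identity_type(access_token_claims: dict) -> str:
    """Return 'app' for app-only tokens, 'user' for delegated ones, or 'unknown'
    when the idtyp optional claim was not configured on the API app registration."""
    idtyp = access_token_claims.get("idtyp")
    return idtyp if idtyp in ("app", "user") else "unknown"


def correlate_notifications(notification_body: dict, users_by_key: dict) -> dict:
    """Map each change notification's resource id to a locally known user key, or None.
    Assumes (constructed shape) that each item in 'value' carries 'tenantId' and
    resourceData['id'], the latter being the user's object id GUID."""
    matched = {}
    for item in notification_body.get("value", []):
        rid = item.get("resourceData", {}).get("id")
        tid = item.get("tenantId")
        if not rid:
            continue
        key = f"{tid}:{rid}" if tid else None
        matched[rid] = users_by_key.get(key) if key else None
    return matched


if __name__ == "__main__":
    # Constructed ID-token claims as MSAL would expose them after validation.
    claims = {"oid": SAMPLE_OID, "tid": SAMPLE_TID,
              "sub": "AAAAAAAAAAAAAAAAAAAAAKJ5m2RsZ0dGdQw6m7WhB0s",
              "preferred_username": "alice@example.com"}
    token = build_unsigned_jwt(claims)
    print("payload:", peek_claims(token))
    key = stable_user_key(claims)
    users = {key: "django-user-42"}
    body = {"value": [{"tenantId": SAMPLE_TID, "resourceData": {"id": SAMPLE_OID}}]}
    print("notification -> local user:", correlate_notifications(body, users))
```

Store the `tid:oid` key on the Django user at first login, and on each webhook delivery look the notification's object id up by that key before fetching the changed profile from Graph; if the tenant is single-tenant the `tid` part is constant but still harmless to keep.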

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marilee Turscak - MSFT