Description
The StringSplit ClaimsTransformation in Azure AD B2C custom policies throws an exception when the input claim is empty or null, and there's no way to gracefully handle this scenario without producing unwanted results.
Steps to Reproduce
- Create a custom user attribute (e.g., extension_Roles) as a string type in Azure B2C portal
- Create a ClaimsTransformation using StringSplit to convert the string to a stringCollection:

  ```xml
  <ClaimsTransformation Id="SplitRoles" TransformationMethod="StringSplit">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="extension_Roles" TransformationClaimType="stringToSplit" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="delimiter" DataType="string" Value="," />
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="roles" TransformationClaimType="outputClaim" />
    </OutputClaims>
  </ClaimsTransformation>
  ```

- Test with a user who has an empty/null value for the extension_Roles attribute
- The transformation fails with an exception
Workaround: Use DefaultValue=""

```xml
<OutputClaim ClaimTypeReferenceId="roles" TransformationClaimType="outputClaim" DefaultValue="" />
```

Problem: This produces roles: [""] in the JWT token instead of an empty array roles: []
Expected Behavior
The StringSplit transformation should:
- Not throw an exception when input is empty/null
- Return an empty stringCollection ([]) when input is empty, not [""]
- Have a parameter like ignoreEmpty="true" or continueOnError="true" to handle this gracefully
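While the policy still emits roles: [""] under the DefaultValue workaround, the application that consumes the token can normalize the claim before any authorization decision. This is an added example, not part of the original issue or of Azure AD B2C; the function names and sample payloads are constructed, and it assumes the JWT signature and standard claims have already been validated.

```python
from __future__ import annotations

from typing import Any, Mapping


def normalize_roles(payload: Mapping[str, Any], claim: str = "roles",
                    delimiter: str = ",") -> list[str]:
    """Return the role names from a verified JWT payload as a clean list.

    Handles the shapes the issue describes: claim missing, roles: [""],
    and (if StringSplit was skipped) a raw delimited string.
    """
    raw = payload.get(claim)
    if raw is None:
        return []
    if isinstance(raw, str):
        # The unsplit extension attribute; "" splits to [""] and is dropped below.
        raw = raw.split(delimiter)
    if not isinstance(raw, (list, tuple)):
        raise ValueError(f"{claim!r} claim has unexpected type {type(raw).__name__}")

    roles: list[str] = []
    for item in raw:
        if not isinstance(item, str):
            raise ValueError(f"{claim!r} claim contains a non-string entry")
        name = item.strip()
        # Drop empty entries so "" can never be matched as a role name.
        if name and name not in roles:
            roles.append(name)
    return roles


def is_authorized(payload: Mapping[str, Any], required_role: str) -> bool:
    """Fail closed: an empty required role is a configuration error, not a match."""
    if not required_role or not required_role.strip():
        raise ValueError("required_role must be a non-empty string")
    return required_role.strip() in normalize_roles(payload)


if __name__ == "__main__":
    # Constructed sample payloads, not taken from a real tenant.
    for sample in ({"roles": [""]}, {}, {"roles": ["admin", "", "reader"]}):
        print(sample, "->", normalize_roles(sample))
```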