Azure AD OIDC Authentication

Hi, I possibly find the problem.

As the documentation on Microsoft

The reported email address for this user JWT, SAML MSA, Azure AD This value is included by default if the user is a guest in the tenant. For managed users (the users inside the tenant), it must be requested through this optional claim or, on v2.0 only, with the OpenID scope. This value is not guaranteed to be correct, and is mutable over time - never use it for authorization or to save data for a user.

On the jwtClaims that I return from Azure AD I see that the Email address come on “preferred_username” key.