Merge pull request #113056 from komayama/patch-8

Court72 · web-flow · commit dc47948d3c6a · 2023-08-02T09:14:02.000-06:00
Update id-token-claims-reference.md
diff --git a/articles/active-directory/develop/id-token-claims-reference.md b/articles/active-directory/develop/id-token-claims-reference.md
@@ -45,7 +45,7 @@ The following table shows the claims that are in most ID tokens by default (exce
 |`idp`| String, usually an STS URI | Records the identity provider that authenticated the subject of the token. This value is identical to the value of the issuer claim unless the user account isn't in the same tenant as the issuer - guests, for instance. If the claim isn't present, it means that the value of `iss` can be used instead. For personal accounts being used in an organizational context (for instance, a personal account invited to a tenant), the `idp` claim may be 'live.com' or an STS URI containing the Microsoft account tenant `9188040d-6c67-4c5b-b112-36a304b66dad`. |
 |`nbf` |  int, a Unix timestamp | Identifies the time before which the JWT can't be accepted for processing. |
 |`exp` |  int, a Unix timestamp | Identifies the expiration time on or after which the JWT can't be accepted for processing. In certain circumstances, a resource may reject the token before this time. For example, if a change in authentication is required or a token revocation has been detected. |
-| `c_hash`| String | The code hash is included in ID tokens only when the ID token is issued with an OAuth 2.0 authorization code. It can be used to validate the authenticity of an authorization code. To understand how to do this validation, see the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken). |
+| `c_hash`| String | The code hash is included in ID tokens only when the ID token is issued with an OAuth 2.0 authorization code. It can be used to validate the authenticity of an authorization code. To understand how to do this validation, see the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken). This claim isn't returned on ID tokens from the /token endpoint. |
 | `at_hash` | String | The access token hash is included in ID tokens only when the ID token is issued from the `/authorize` endpoint with an OAuth 2.0 access token. It can be used to validate the authenticity of an access token. To understand how to do this validation, see the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken). This claim isn't returned on ID tokens from the `/token` endpoint. |
 | `aio` | Opaque String | An internal claim that's used to record data for token reuse. Should be ignored. |
 | `preferred_username` | String | The primary username that represents the user. It could be an email address, phone number, or a generic username without a specified format. Its value is mutable and might change over time. Since it's mutable, this value can't be used to make authorization decisions. It can be used for username hints and in human-readable UI as a username. The `profile` scope is required to receive this claim. Present only in v2.0 tokens. |
@@ -97,4 +97,4 @@ To ensure that the token size doesn't exceed HTTP header size limits, the number
 
 ## Next steps
 
-- Learn more about the [ID tokens used in Azure AD](id-tokens.md).
+- Learn more about the [ID tokens used in Azure AD](id-tokens.md).
