Fix Account.razor claim order for workforce tokens

mattleibow · Copilot · mattleibow · commit 43c82520a932 · 2026-04-18T00:11:42.000+02:00
Workforce Entra ID tokens use 'preferred_username' (UPN) instead of
the CIAM-specific 'emails' claim. Reorder the fallback chain so
preferred_username is checked first, followed by standard 'email'
and ClaimTypes.Email.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/10.0/MauiBlazorWebEntraWorkforce/MauiBlazorWebEntraWorkforce.Shared/Pages/Account.razor b/10.0/MauiBlazorWebEntraWorkforce/MauiBlazorWebEntraWorkforce.Shared/Pages/Account.razor
@@ -60,9 +60,10 @@
 
         displayName = user.FindFirst("name")?.Value;
 
-        email = user.FindFirst("emails")?.Value
+        // Workforce tokens always include preferred_username (UPN).
+        // The "email" claim is present when the user has a mail address set.
+        email = user.FindFirst("preferred_username")?.Value
              ?? user.FindFirst("email")?.Value
-             ?? user.FindFirst(ClaimTypes.Email)?.Value
-             ?? user.FindFirst("preferred_username")?.Value;
+             ?? user.FindFirst(ClaimTypes.Email)?.Value;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -60,9 +60,10 @@`
`60`	`60`
`61`	`61`	`displayName = user.FindFirst("name")?.Value;`
`62`	`62`
`63`		`- email = user.FindFirst("emails")?.Value`
	`63`	`+ // Workforce tokens always include preferred_username (UPN).`
	`64`	`+ // The "email" claim is present when the user has a mail address set.`
	`65`	`+ email = user.FindFirst("preferred_username")?.Value`
`64`	`66`	`?? user.FindFirst("email")?.Value`
`65`		`- ?? user.FindFirst(ClaimTypes.Email)?.Value`
`66`		`- ?? user.FindFirst("preferred_username")?.Value;`
	`67`	`+ ?? user.FindFirst(ClaimTypes.Email)?.Value;`
`67`	`68`	`}`
`68`	`69`	`}`