Custom claims not in id_token or /userinfo response
I can’t seem to get custom claims to show up in the id_token nor the /userinfo response.
Here’s my configuration:
mock-idp:
  image: soluto/oidc-server-mock:0.1.2
  ports:
    - "4014:80"
  environment:
    CLIENTS_CONFIGURATION_INLINE: |
      [
        {
          "AllowAccessTokensViaBrowser": true,
          "AllowedGrantTypes": [
            "authorization_code",
            "refresh_token"
          ],
          "AllowedScopes": [
            "openid",
            "profile",
            "email"
          ],
          "AllowPlainTextPkce": true,
          "AlwaysIncludeUserClaimsInIdToken": true,
          "ClientId": "example-client",
          "ClientSecrets": [
            "example-password"
          ],
          "RedirectUris": [
            "http://client.docker:5050/idp/callback/"
          ],
          "RequirePkce": false
        }
      ]
    USERS_CONFIGURATION_INLINE: |
      [
        {
          "SubjectId": "1",
          "Username": "test",
          "Password": "test",
          "Claims": [
            {
              "Type": "name",
              "Value": "test"
            },
            {
              "Type": "email",
              "Value": "test@example.com"
            },
            {
              "Type": "email_verified",
              "Value": true
            },
            {
              "Type": "preferred_username",
              "Value": "test"
            }
          ]
        }
      ]
Notice I’ve defined two custom claims above; name and preferred_username.
Here’s the id_token:
{
'amr': ['pwd'],
'at_hash': 'IBXeLLcfPJPGnAGUmsudgA',
'aud': 'shipshop',
'auth_time': 1596564870,
'email': 'test@example.com',
'email_verified': 'True',
'exp': 1596565170,
'iat': 1596564870,
'idp': 'local',
'iss': 'http://mock-idp.docker:4014',
'nbf': 1596564870,
'nonce': '1jhAyqmvisvHxUj8JGjiu73vxt4JwqDr',
'sid': '827658dc41ab9de2f8801c6ebd3ff29e',
'sub': '1'
}
Notice name and preferred_username are not present.
And the /userinfo response:
{
'email': 'test@example.com',
'email_verified': 'True',
'sub': '1'
}
Notice name and preferred_username are not present.
I must be misunderstanding something, any help appreciated!
Issue Analytics
- State:
- Created 3 years ago
- Comments:18 (7 by maintainers)
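
The comparison the question makes by eye can be scripted. The following is an added example, not part of the original issue or of the oidc-server-mock project: it decodes a token's payload and diffs it against the configured user claims, reporting claims that are missing and claims whose JSON type changed. The token is constructed from values shown in the question with a placeholder signature, and all function names are hypothetical.

```python
import base64
import json

# Claims from USERS_CONFIGURATION_INLINE in the question (Type -> Value).
CONFIGURED = {
    "name": "test",
    "email": "test@example.com",
    "email_verified": True,
    "preferred_username": "test",
}

def b64url(data: bytes) -> str:
    """base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(jwt: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature.
    For debugging claim contents only, never for trust decisions."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def diff_claims(expected: dict, received: dict) -> dict:
    """List configured claims that are absent, and ones whose type changed."""
    missing = sorted(k for k in expected if k not in received)
    retyped = sorted(
        k for k in expected
        if k in received and type(received[k]) is not type(expected[k])
    )
    return {"missing": missing, "retyped": retyped}

def sample_token() -> str:
    """Constructed token: a subset of the id_token claims shown in the question."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"sub": "1", "aud": "shipshop", "idp": "local",
               "email": "test@example.com", "email_verified": "True"}
    segs = [b64url(json.dumps(d).encode()) for d in (header, payload)]
    return ".".join(segs + ["placeholder-signature"])

if __name__ == "__main__":
    print(diff_claims(CONFIGURED, decode_payload(sample_token())))
```

Besides the two missing claims, the diff flags email_verified: it is configured as a JSON boolean but arrives as the string 'True', which matters to any client that checks it with a strict boolean comparison.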

@AleF83 that worked!
I was also able to get the custom claims working by creating a custom identity resource.
Thanks for all your help!
@cburmeister Ok, after some digging I have the solution. I misled you in my previous answer. To turn cookies SameSite mode to Lax you need to add the following line in SERVER_OPTIONS_ONLINE env var or to file mapped with SERVER_OPTIONS_PATH env var. These env vars allow you to configure the top level of IdentityServer. The value is deserialized to IdentityServerOptions