ID token missing email and profile claims

Hi,

I’m trying to get Auth0 to add email and profile claims to the ID token I get out during an implicit grant login. Auth0 seems to be ignoring the scope I set though.

Here’s my test call
https://stibosystems.eu.auth0.com/authorize?audience=https://localhost&response_type=id_token&scope=openid%20profile%20email&client_id=MAWqKLjJDr3ispWIh16er03UCaz4FdUQ&redirect_uri=https%3A%2F%2Fapp.getpostman.com%2Foauth2%2Fcallback&nonce=123state=abc

I’ve also tried just asking for the id token, e.g.
https://stibosystems.eu.auth0.com/authorize?
scope=openid%20email&
response_type=id_token&
client_id=MAWqKLjJDr3ispWIh16er03UCaz4FdUQ&
redirect_uri=https%3A%2F%2Fapp.getpostman.com%2Foauth2%2Fcallback&
nonce=123
state=abc

The client is OIDC conforming with the postman URL listed in the callback URLs, and the user I’m logging in with is a username-password user stored in Auth0. Are there any other settings I should be looking at that may be set incorrectly, or are my test requests malformed in some way?

Thanks.

Support clarified what was happening here, maybe this will help others.

The request I posted was doing two things: Asking for authorization for the https://localhost audience, and requesting an id token. The audience parameter appears unnecessary in this case. The id token scopes were being ignored because I had a rule running that restricted access token scopes. It turns out that in order to request e.g. the “email” scope for the id token, rules must allow that scope on access tokens as well.

I updated my rule to allow the OpenID scopes (email, profile, address, phone), and now the id token contains the expected claims.
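A diagnostic for the symptom described in this thread, added here as an example and not part of any participant's post or of Auth0's own code: it compares the scopes in an /authorize request with the claims in the returned ID token, using the standard scope-to-claim mapping from OpenID Connect Core. The tenant URL, client ID and token are constructed placeholders, and the function names are hypothetical.

```javascript
// Claims each scope requests, per OpenID Connect Core 1.0, section 5.4.
const SCOPE_CLAIMS = {
  profile: ["name", "family_name", "given_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "gender",
    "birthdate", "zoneinfo", "locale", "updated_at"],
  email: ["email", "email_verified"],
  address: ["address"],
  phone: ["phone_number", "phone_number_verified"],
};

// Decode a JWT payload. No signature verification: this is a diagnostic only,
// never a basis for trusting the token.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected a three-part compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Compare the scopes in an /authorize request with the claims that arrived.
function checkIdTokenScopes(authorizeUrl, idToken) {
  const params = new URL(authorizeUrl).searchParams;
  const requested = (params.get("scope") || "").split(/\s+/).filter(Boolean);
  const claims = decodePayload(idToken);
  const result = { present: {}, missingScopes: [] };
  for (const scope of requested) {
    if (!(scope in SCOPE_CLAIMS)) continue; // "openid" and API scopes map to no claims here
    const found = SCOPE_CLAIMS[scope].filter((name) => name in claims);
    if (found.length > 0) result.present[scope] = found;
    else result.missingScopes.push(scope); // scope dropped, or user has no such data
  }
  // The ID token must echo the nonce sent in the request.
  result.nonceOk = claims.nonce === params.get("nonce");
  return result;
}

// Constructed sample data (placeholder tenant, client ID and user).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}
const sampleUrl = "https://tenant.example/authorize?response_type=id_token" +
  "&scope=openid%20profile%20email&client_id=CLIENT_ID_PLACEHOLDER&nonce=123&state=abc";
const strippedToken = makeSampleToken({ iss: "https://tenant.example/",
  sub: "auth0|constructed", aud: "CLIENT_ID_PLACEHOLDER", nonce: "123" });
console.log(checkIdTokenScopes(sampleUrl, strippedToken));
```

A scope listed in `missingScopes` for a user who does have that data points to something between the request and token issuance, such as a rule, narrowing the granted scopes.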

Hi stdo,

I’m having the same issue.

Did you set custom rules which caused this? I haven’t got any rules set and I’m still getting this issue.

Thanks

Yes, the problem for me was a custom rule that set scopes in the access token.

Thanks a lot for sharing it with the rest of the community!
