How do you return custom claims to userinfo endpoint when using OIDC?

When I use an OIDC-generated token against userinfo, it doesn’t return identities and other claims that are considered custom under the OIDC spec. How do I get it to return this info?

You can return custom claims in the userinfo endpoint when using OIDC by adding them to the ID token via a rule.

For example, if you were to create a rule like the following:

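function (user, context, callback) {
  // Namespace prefix for the custom claim key
  const namespace = 'https://yourdomain.url/';

  // Only add the claim when the metadata field exists
  if (user.user_metadata && user.user_metadata.example) {
    context.idToken[namespace + 'example'] = user.user_metadata.example;
  }

  // Continue the pipeline with the updated context
  callback(null, user, context);
}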

You’d then receive the contents of the example property when calling userinfo in the https://yourdomain.url/example key.

Don’t forget that with OIDC you must namespace any custom claims with a URL that doesn’t contain ‘Auth0’ or ‘webtask’.
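As an added example (not part of the original answer and not Auth0's own code), the sketch below applies the namespacing restriction above, releases only allow-listed `user_metadata` fields into the ID token, and reads the namespaced claims back from a userinfo response. The helper names `assertNamespace`, `addCustomClaims` and `readCustomClaims`, the `internal_note` field and the sample objects are assumptions constructed for illustration.

```javascript
// Hypothetical helpers for illustration; none of these are Auth0 APIs.
const FORBIDDEN_WORDS = ['auth0', 'webtask']; // restriction stated in the answer above

// Validate the namespace and normalise it to end with '/'.
function assertNamespace(namespace) {
  const url = new URL(namespace); // throws TypeError if not a URL
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error('namespace must be an http(s) URL');
  }
  const lower = namespace.toLowerCase();
  for (const word of FORBIDDEN_WORDS) {
    if (lower.includes(word)) throw new Error('namespace must not contain ' + word);
  }
  return namespace.endsWith('/') ? namespace : namespace + '/';
}

// Rule side: copy only explicitly allow-listed metadata fields into the ID token,
// so nothing else stored in user_metadata is released by accident.
function addCustomClaims(user, context, namespace, allowedFields) {
  const ns = assertNamespace(namespace);
  const meta = user.user_metadata || {};
  for (const field of allowedFields) {
    if (Object.prototype.hasOwnProperty.call(meta, field)) {
      context.idToken[ns + field] = meta[field];
    }
  }
  return context;
}

// Client side: collect the namespaced claims from a userinfo response,
// leaving standard OIDC claims (sub, email, ...) out of the result.
function readCustomClaims(userinfo, namespace) {
  const ns = assertNamespace(namespace);
  const claims = {};
  for (const [key, value] of Object.entries(userinfo)) {
    if (key.startsWith(ns)) claims[key.slice(ns.length)] = value;
  }
  return claims;
}

// Constructed sample data (not real tenant output).
const NAMESPACE = 'https://yourdomain.url/';
const sampleUser = { user_metadata: { example: 'blue', internal_note: 'not released' } };
const sampleContext = addCustomClaims(sampleUser, { idToken: {} }, NAMESPACE, ['example']);
const sampleUserinfo = Object.assign({ sub: 'constructed|123' }, sampleContext.idToken);
console.log(readCustomClaims(sampleUserinfo, NAMESPACE));
```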

Is it possible to include custom claims in the userInfo endpoint only? If the claims are always included in both the idToken/accessToken and the userInfo endpoint, then I’m not sure why there’s a need to even use the userInfo endpoint (for the OIDC conformant flow anyway).
