Greetings, good people! I’m new to Auth0 and the Auth0 community and need some help.
I’ve made a native app that uses SAMLP/SAML 2.0 and an external Identity Provider to authenticate users. The native app uses Auth0 as Service Provider and communicates with an application running on the Auth0 console (Basic setup following the “Quickstart for integrating Auth0 with my app”).
When the authentication is successful, the Identity Provider responds with specific user attributes. These attributes are visible under “User Details” in the “Users” tab on the Auth0 console, but I would like to access these attributes through the native app.
When using the debugger, the response from the Auth0 application (Service Provider) contains accessToken, idToken, scope, expiresIn and tokenType (OpenID Connect). Is it possible to include the attributes in this response, or do I need some sort of workaround?
Hi there @diddeper, I may be misunderstanding, but what attributes would you like back in the response from the SP? I’m happy to help, but I just want to make sure I understand the question. Thanks in advance!
Thanks for your reply @James.Morrison, this is a screenshot of the attribute I want (eduPersonPrincipalName). It’s under the “Identity Provider Attributes” when selecting/clicking a specific user.
This specific attribute is used during the testing phase of my project, so the SP will receive multiple attributes when the testing phase is over. In other words, what I really want is to access specific Identity Provider Attributes.
I can get access to these attributes by creating a Machine-to-Machine application and connecting/authorizing it to the Management API. When I call the Management API from a Python file specifying the user ID, all associated attributes from the Identity Provider are provided in the response.
This is exactly what I want for my native app, but is it safe or even possible to communicate with the Management API from the native app?
Reaching out @diddeper after talking with our support team.
Custom Claims will deliver the initial fielding with the ID token for the specific attribute you seek. This document below has examples that can help you leverage that in your workflow.
It is safe for a native app to communicate with the Management API; when they are authenticated they receive an access token that will perform a general authentication flow.
You can also leverage the power of SAMLP and the mappings feature to accomplish what you want more dynamically but that does require a Developer-Pro account which means an upgrade from the free tier. I have linked a document below that dives into this.
Overall, if you have any questions on this front, please let me know and I will do my best to assist. Thanks!
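As an added illustration of the custom-claims approach described in the answer above (example code written for this thread, not code from Auth0 or from either poster): a Rule-style function that copies an allow-list of IdP attributes from the user profile into the ID token as namespaced claims, and the matching read on the native-app side. It assumes the attribute is exposed on `user` under the keys in `ALLOWED_ATTRIBUTES` (the real key depends on the connection's attribute mapping) and that `NAMESPACE` is a placeholder for a URL you control.

```javascript
// Added example, not from the thread or from Auth0's own documentation.
// Assumptions: IdP attributes appear on the `user` profile under the keys in
// ALLOWED_ATTRIBUTES (exact key depends on the connection's mapping), and
// NAMESPACE is a placeholder URL that you control.
const NAMESPACE = 'https://example.com/claims/';          // placeholder namespace
const ALLOWED_ATTRIBUTES = ['eduPersonPrincipalName'];   // assumed profile keys

// Returns a new context whose idToken carries the allowed attributes as
// namespaced claims. Attributes not on the allow-list are never copied, so the
// token does not become a dump of the whole IdP assertion, and the namespace
// keeps the custom claims from colliding with standard OIDC claims.
function addIdpClaims(user, context, allowed = ALLOWED_ATTRIBUTES) {
  const idToken = Object.assign({}, (context && context.idToken) || {});
  for (const key of allowed) {
    const value = user ? user[key] : undefined;
    if (typeof value === 'string' && value.length > 0) {
      idToken[NAMESPACE + key] = value;
    }
  }
  return Object.assign({}, context, { idToken });
}

// Entry point in the shape Auth0 Rules expect: function (user, context, callback)
function rule(user, context, callback) {
  callback(null, user, addIdpClaims(user, context));
}

// Native-app side: read a namespaced claim from the ID token's payload segment.
// This only parses the payload; signature, issuer and audience checks are done
// by the Auth0 SDK that received the token and must happen before the value
// is trusted for any decision.
function readCustomClaim(idToken, key) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return undefined;
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  return payload[NAMESPACE + key];
}
```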