Add standard OpenID Connect claims to id token

jochen.walz · July 13, 2024, 12:47pm

I’m new to this forum and we just started using Auth0 - so I just may not have digged deep enough to find the right way to reach following:

We need some of the claims from the OIDC standard profile for our application (e.g., zoneinfo and locale). The documentation (OpenID Connect Scopes) tells that these are returned in an id token. However, I haven’t found a place where these properties can be administrated for a user in the Auth0 user management.

Then, I tried to add “locale” : “en-US” to the user_metadata of a user. Still, the id_token in the token response did not contain the locale. The only way I could reach that was to add a post-login action to the login flow and explicitly add the “locale”, “zoneinfo” … claims to the id token:

api.idToken.setCustomClaim(`zoneinfo`, event.user.user_metadata.zoneinfo);

Is this really the correct way in Auth0 to deliver standard OIDC claims to id tokens? Please note that this is not about custom claims which do not appear in the standard OIDC scopes.

By the way: unfortunately, I could not select the oidc and id_token tags for creating this topic.

rueben.tiow · July 16, 2024, 9:20pm

Hi @jochen.walz,

Welcome to the Auth0 Community!

Yes, that’s correct!

Using a post-login action is the correct way to append custom claims to an ID or access token.

Let me also clarify that the profile scope, while it should contain the zoneinfo and locale claims, in this documentation, it states that profile will only return the name, family_name , given_name , middle_name , nickname , picture , and updated_at claims.

See screenshot below:

This means that you must use a post-login action script to append the zoneinfo and locale as custom claims to your ID token.

Let me know if you have any questions.

Thanks,
Rueben

jochen.walz · July 17, 2024, 4:22am

Thanks for the clarification!

I had misunderstood the documentation - thought that “including” means that these are just examples, and apart from these, the full profile scope as defined in Final: OpenID Connect Core 1.0 incorporating errata set 2 (see 5.4) is supported out-of-the-box. Good to have the confirmation that I found the correct solution .

rueben.tiow · July 17, 2024, 10:56pm

Hi @jochen.walz,

That sounds good!

Feel free to reach out to us again if you have any questions.

Cheers,
Rueben

Topic		Replies	Views
Add Custom Claims to User Profile (User / App Metadata) Get Help jwt , auth0 , rules	4	4888	March 31, 2020
I can't get my custom claim in my idToken Get Help user-profile , user-management	2	1120	May 19, 2023
Best practices for custom claims using OIDC-conformant Auth0.js Get Help auth0js	4	6828	September 3, 2019
Adding customclaim to id token but getting error Get Help user-profile , user-management	2	847	August 22, 2023
Update/add information in token Get Help management-api , users	2	1202	April 5, 2023

Add standard OpenID Connect claims to id token

Related topics