Additional Fields Are Being Added to the id_token

Overview

There are fields that are being added in the id_token (like address), but it appears the whole value is not added.

Applies To

  • id_token
  • app_metadata
  • Standard OIDC claims

Solution

Any fields inserted into the app_metadata for a user, if those field names match any standard OIDC claims then they will be returned in the ID Token automatically (in terms of address, the address scope also needs to be requested).

For example:

  • app_metdata sample:
{
  "address": {
    "country": "UK",
    "street_address": "10 Downing Street",
    "post_code": "SW1A 2AA"
  },
  "gender": "male",
  "region": "south"
}

The following fields are standard OIDC claims from the above snippet: address: {country, street_address} and gender. On requesting an id_token these have duly been output when inspecting the JWT via https://jwt.io/. The non standard OIDC claims post_code and region were not output as expected.