The only way I can force an update through is by deleting the user account - which then will be regenerated upon next authentication and the values are updated. I’d rather not use this approach since it will remove stats etc.
For future searches:
I managed to resolve my issue and get updated values by returning the custom fields I need as a part of a user_profile property in the normalized user object parameter of the callback function (of the login script in my custom database connection).
Then I add the custom values I need as a part of the idToken in the form of a Rule.
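```js
function (user, context, callback) {
  var namespace = 'https://some.namespace.dk/';
  // Fall back to an empty object so a user without user_profile
  // does not make the Rule throw.
  var profile = user.user_profile || {};
  if (context.idToken) {
    // Custom claims in the ID token carry the namespace prefix.
    context.idToken[namespace + 'foo'] = profile.foo;
    context.idToken[namespace + 'custom'] = profile.custom;
  }
  callback(null, user, context);
}
```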
Now when the user gets updated and logs back in, the properties in the user_profile get updated every time.
However I’d like to point out that this is not as clear as it could be in the docs - at least for me.
Reading about user profiles and custom database scripts at User Profiles makes it sound like the app_metadata property can be used to store user related values.
… and the fact I couldn’t find any articles about the user_profile field.
But now after figuring how to solve my problem and how to handle user profile claims in the OIDC way as described in OpenID Connect Scopes it all makes sense again.
It doesn’t really explain why app_metadata doesn’t update on subsequent logins - now it’s just a mystery.
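The flow described in the post above (login script returns `user_profile`, the Rule copies it into namespaced ID token claims), as an added local simulation that is not code from the original post or from Auth0. The in-memory `db`, the `simulateLogin` harness, the scrypt password check and all sample values are assumptions constructed for illustration.

```javascript
// Added example: local simulation only. Store, harness and values are constructed.
const nodeCrypto = require('crypto');
const hash = (pw, salt) => nodeCrypto.scryptSync(pw, salt, 32);

// Constructed stand-in for the external user database.
const db = {
  'jane@example.com': {
    id: 'u1', salt: 'constructed-salt',
    hash: hash('correct horse', 'constructed-salt'),
    foo: 'v1', custom: 'a',
  },
};

// Custom database login script shape: callback(error, normalizedProfile).
function login(email, password, callback) {
  const row = db[email];
  const candidate = hash(password, row ? row.salt : 'dummy-salt');
  // Constant-time compare; same error for unknown user and wrong password.
  if (!row || !nodeCrypto.timingSafeEqual(candidate, row.hash)) {
    return callback(new Error('wrong email or password'));
  }
  callback(null, {
    user_id: row.id,
    email: email,
    // Custom values travel in user_profile, as the post describes.
    user_profile: { foo: row.foo, custom: row.custom },
  });
}

// The Rule from the post, with a guard for a missing user_profile.
function rule(user, context, callback) {
  const namespace = 'https://some.namespace.dk/';
  const profile = user.user_profile || {};
  if (context.idToken) {
    context.idToken[namespace + 'foo'] = profile.foo;
    context.idToken[namespace + 'custom'] = profile.custom;
  }
  callback(null, user, context);
}

// Runs login script, then Rule; returns ID token claims, or null on failure.
function simulateLogin(email, password) {
  let claims = null;
  login(email, password, (err, user) => {
    if (err) return;
    rule(user, { idToken: {} }, (e, u, ctx) => { claims = ctx.idToken; });
  });
  return claims;
}
```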