For future searches:
I managed to resolve my issue and get updated values by returning the custom fields I need as a part of a user_profile property in the normalized user object parameter of the callback function (of the login script in my custom database connection).
Example:
return callback(null, {
userId: userId,
// ... omitted
user_profile: {
foo: "bar",
custom: "field"
}});
Then I add the custom values I need as a part of the idToken in the form of a Rule.
function (user, context, callback) {
var namespace = 'https://some.namespace.dk/';
if (context.idToken) {
context.idToken[namespace + 'foo'] = user.user_profile.foo;
context.idToken[namespace + 'custom'] = user.user_profile.custom;
}
callback(null, user, context);
}
Now when the user gets updated and logs back in, the properties in the user_profile gets updated every time.
However I’d like to point out that this is not as clear as it could be in the docs - atleast for me.
Reading about user profiles and custom database scripts at User Profiles makes it sound like the app_metadata property can be used to store user related values.
… and the fact I couldn’t find any articles about the user_profile field.
But now after figuring how to solve my problem and how to handle user profile claims in the OIDC way as described in OpenID Connect Scopes it all makes sense again.
It doesn’t really explain why app_metadata doesn’t update on subsequent logins - now it’s just a mystery.
Big shoutout to @jacob.wang who got me in the right direction! Thanks for the help and updating your issue with how you resolved it (User profile not updated when user login (custom connection OAuth2))!