The Auth0 docs for OIDC attribute mapping provide numerous examples of providing custom claims. For instance, they include this example of providing a sf_community_id field:
```
"attribute_map": {
  . . .
  "attributes": {
    …
    "sf_community_id": "3423409219032-32"
  }
}
```
However, I believe I’m observing that the claim mapping only supports the non-restricted claims list for the mapping, as evidenced by the id_token generated by the following mapping:
```
{
  "attributes": {
    "name": "${context.userinfo.given_name}",
    "email": "${context.userinfo.email}",
    "birthdate": "${context.userinfo.birthdate}",
    "family_name": "${context.userinfo.family_name}",
    "phone_number": "${context.userinfo.phone_number}",
    "sf_community_id": "123456",
    "nickname": "foo"
  },
  "mapping_mode": "use_map"
}
```

```
{
  "family_name": "<redacted>",
  "nickname": "foo",
  "name": "<redacted>",
  "picture": "<redacted>",
  "birthdate": "<redacted>",
  "updated_at": "2023-10-11T15:21:11.900Z",
  "email": "<redacted>",
  "iss": "<redacted>",
  "aud": "<redacted>",
  "iat": 1697037672,
  "exp": 1697073672,
  "sub": "<redacted>",
  "sid": "<redacted>",
  "nonce": "<redacted>"
}
```
Here, we see “nickname” has been set to the constant “foo”, but there is no “sf_community_id” present.
In our example we desire to map custom claims from the external IDP's userinfo, in a manner consistent with the other userinfo fields.
The docs indicate that this should be supported, and I’m unclear if there are any other dependencies I’m not tracking.
What is the recommended approach to solve for this mapping scenario?
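
One way to check which mapped attributes actually reach the ID token, as an added example that is not part of the original post and not Auth0 code: it decodes a token payload without verifying the signature (debugging only) and compares the claim names against the attribute map, labelling each name as a standard OIDC Core claim or a custom one. The function names are hypothetical, and the sample map and token are constructed from the attribute and claim names shown in the post.

```python
import base64
import json

# Standard claims from OpenID Connect Core 1.0, section 5.1.
OIDC_STANDARD_CLAIMS = frozenset({
    "sub", "name", "given_name", "family_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "email",
    "email_verified", "gender", "birthdate", "zoneinfo", "locale",
    "phone_number", "phone_number_verified", "address", "updated_at",
})


def decode_jwt_payload(token):
    """Decode a compact JWT's payload WITHOUT verifying it (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_mapping(attribute_map, claims):
    """Map each configured attribute to (kind, state) against the token claims."""
    report = {}
    for name in attribute_map.get("attributes", {}):
        kind = "standard" if name in OIDC_STANDARD_CLAIMS else "custom"
        state = "present" if name in claims else "missing"
        report[name] = (kind, state)
    return report


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: attribute names from the post's mapping, and a token
# payload carrying the claim names shown in the post (values are placeholders).
SAMPLE_MAP = {"mapping_mode": "use_map", "attributes": dict.fromkeys(
    ["name", "email", "birthdate", "family_name", "phone_number",
     "sf_community_id", "nickname"], "placeholder")}
SAMPLE_CLAIMS = dict.fromkeys(
    ["family_name", "nickname", "name", "picture", "birthdate", "updated_at",
     "email", "iss", "aud", "iat", "exp", "sub", "sid", "nonce"], "placeholder")
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}), _b64url(SAMPLE_CLAIMS), "sig"])

if __name__ == "__main__":
    for name, result in audit_mapping(SAMPLE_MAP, decode_jwt_payload(SAMPLE_TOKEN)).items():
        print(name, *result)
```

Run against the names in the post, it reports `sf_community_id` and `phone_number` as mapped but absent from the token.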