How to avoid app_metadata attribute in the SAML response when Auth0 is SAML IdP

Question:

We are storing application-related data in the app_metadata field of the user. In the past, we were not used to getting the user's app_metadata in the SAML response. Recently we have observed that this app_metadata is included in the SAML response, and we are getting the value as [Object, Object] for a few attributes of app_metadata. For the same reason, the payload has increased drastically.

Answer:

You may set passthroughClaimsWithNoMapping to false to avoid root attributes, including app_metadata, being passed in the SAML response. Auth0 will then send only a few common attributes in the SAML response. For the remaining root attributes, you may add them in the mapping section as in the following sample.

{
  "mappings": {
    "picture": "picture",
    ..add any other necessary claim from the user's profile
  },
  "passthroughClaimsWithNoMapping": false
}

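As an added example (not part of the original thread, and not Auth0's own code), the following Python script shows how a relying party or SSO administrator can verify the fix: it parses a SAML Response, lists the attributes the assertion actually carries, and flags two symptoms described in the question, an app_metadata/user_metadata attribute being passed through and an attribute whose value is a stringified object. It also builds the SAML addon settings object from the answer with passthroughClaimsWithNoMapping turned off. The sample response, the "http://schemas.auth0.com/..." attribute names, and the exact list of default mapped claims are constructed for illustration and are assumptions, not values taken from an Auth0 tenant.

```python
import json
import xml.etree.ElementTree as ET
from typing import Dict, List

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a trimmed, unsigned SAML Response in the shape the question
# describes. The attribute names are assumptions; the app_metadata value shows the
# "[object Object]" symptom reported in the thread.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.auth0.com/picture">
        <saml:AttributeValue>https://example.com/avatar.png</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.auth0.com/app_metadata">
        <saml:AttributeValue>[object Object]</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Root profile attributes that should not normally reach a service provider.
METADATA_ATTRIBUTES = ("app_metadata", "user_metadata")


def assertion_attributes(response_xml: str) -> Dict[str, List[str]]:
    """Return {attribute name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(response_xml)
    attrs: Dict[str, List[str]] = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def leaked_metadata_attributes(response_xml: str) -> List[str]:
    """Attribute names whose last path segment is app_metadata or user_metadata."""
    return sorted(
        name for name in assertion_attributes(response_xml)
        if name.rsplit("/", 1)[-1] in METADATA_ATTRIBUTES
    )


def stringified_object_attributes(response_xml: str) -> List[str]:
    """Attributes whose value is a JavaScript-style stringified object, i.e. a
    nested object that was serialised as text rather than mapped to a claim."""
    return sorted(
        name for name, values in assertion_attributes(response_xml).items()
        if any(v.strip() == "[object Object]" for v in values)
    )


def samlp_addon_settings(extra_mappings: Dict[str, str]) -> Dict[str, object]:
    """Build the SAML addon settings from the answer: explicit claim mappings plus
    passthroughClaimsWithNoMapping disabled, so unmapped root attributes such as
    app_metadata are not emitted. The base mappings here are an assumption."""
    mappings = {"email": "email", "name": "name"}
    mappings.update(extra_mappings)
    return {"mappings": mappings, "passthroughClaimsWithNoMapping": False}


if __name__ == "__main__":
    print("attributes:", list(assertion_attributes(SAMPLE_RESPONSE)))
    print("metadata passed through:", leaked_metadata_attributes(SAMPLE_RESPONSE))
    print("stringified objects:", stringified_object_attributes(SAMPLE_RESPONSE))
    print(json.dumps(samlp_addon_settings({"picture": "picture"}), indent=2))
```

Run it against a SAML Response captured from your own test login (for example, the base64-decoded SAMLResponse form field) before and after changing the addon settings; once passthroughClaimsWithNoMapping is false, both check functions should return empty lists and only the mapped claims should remain.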

Thanks for sharing that with the rest of community Saltuk!