
How to normalize user profile in id_token?

token
user-profile
single-sign-on

#1

I’m setting up single sign-on with a custom database. In Auth0 a user has a given_name, name and nickname, whereas in our database users have a firstname and surname. What I would like to do is include some of our user properties in the id_token.

In our database connection Login script I have the following to include our firstname and surname in the Auth0 user profile -

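/**
 * Auth0 custom-database Login script: looks the user up by e-mail in the
 * `users` collection, checks the submitted password against the stored bcrypt
 * hash, and on success hands Auth0 a profile carrying the database's own
 * `firstname` and `surname` fields.
 *
 * `mongo`, `bcrypt` and `WrongUsernameOrPasswordError` are not defined in this
 * script; they are expected to be supplied by the environment that runs it.
 *
 * @param {string} email - Login identifier typed by the user.
 * @param {string} password - Plain-text password typed by the user.
 * @param {function} callback - Node-style `(err, profile)` completion callback.
 */
function login(email, password, callback) {
  // Defense in depth: a non-string value placed in the filter below would be
  // read by the driver as a query document instead of a literal to match, so
  // anything that is not a plain string is rejected as a failed login before
  // the database is touched.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return callback(
      new WrongUsernameOrPasswordError(typeof email === 'string' ? email : undefined)
    );
  }

  // NOTE(review): the connection string below is a placeholder with the
  // credentials written inline. In a real script keep the URI out of the
  // script body (Auth0 exposes connection settings to database scripts via
  // the global `configuration` object) and give the account read-only access
  // to the users collection.
  mongo('mongodb://user:password@mongodatabase:port/db', function (db) {
    var users = db.collection('users');
    users.findOne({ email: email }, function (err, user) {

      if (err) return callback(err);
      // Unknown e-mail and wrong password produce the same error type, so the
      // response does not reveal which accounts exist.
      if (!user) return callback(new WrongUsernameOrPasswordError(email));
      bcrypt.compare(password, user.password, function (err, isValid) {
        if (err) {
          callback(err);
        } else if (!isValid) {
          callback(new WrongUsernameOrPasswordError(email));
        } else {
          // Only the fields listed here reach the Auth0 profile; the password
          // hash stays in the database.
          callback(null, {
            user_id: user._id.toString(),
            email: user.email,
            firstname: user.firstname,
            surname: user.surname
          });
        }
      });
    });
  });
}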

I can see that this information is now in the Auth0 user profile correctly. The next step is to include it in the id_token with the following rule which doesn’t seem to work -

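/**
 * Auth0 rule: copies selected profile attributes into the ID token as
 * namespaced custom claims.
 *
 * @param {object} user - User profile; `firstname` and `surname` are read from it.
 * @param {object} context - Rule context; `context.idToken` receives the claims.
 * @param {function} callback - Continuation called as `(err, user, context)`.
 */
function (user, context, callback) {
  // Custom claims go under a URL-style prefix so they cannot collide with the
  // standard OIDC claim names.
  var namespace = 'https://domain.com/';
  context.idToken = context.idToken || {};
  // ID-token claims are signed but not encrypted: whatever is copied here is
  // readable by the client application and by anyone holding the token, so
  // keep this list to attributes that are safe to disclose.
  ['firstname', 'surname'].forEach(function(item) {
    context.idToken[namespace + item] = user[item];
  });

  callback(null, user, context);
}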

Can you please help me figure out what could be the problem? When I test this rule I get the following output -

The rules context is:

{
  "clientID": "123456789",
  "clientName": "MyWebApp",
  "connection": "MyDbConn",
  "connectionStrategy": "auth0",
  "protocol": "oidc-basic-profile",
  "request": {
    "query": {
      "scope": "openid"
    },
    "body": {},
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36",
    "ip": "X.X.X.X",
    "geoip": {
      "country_code": "AR",
      "country_code3": "ARG",
      "country_name": "Argentina",
      "region": "08",
      "city": "Federal",
      "postal_code": "3180",
      "latitude": -30.954599380493164,
      "longitude": -58.78329849243164,
      "continent_code": "SA",
      "time_zone": "America/Argentina/Buenos_Aires"
    }
  },
  "samlConfiguration": {},
  "stats": {
    "loginsCount": 5
  },
  "accessToken": {},
  "idToken": {
    "https://domain.com/firstname": "Code",
    "https://domain.com/surname": "Monkey"
  }
}

#2

Does it make a difference that the identity provider I set up in Auth0 uses SAML?