idToken user picture missing

We have a passwordless solution set up and have an action that embeds roles / permissions to the user object response from auth0. Having real trouble though because in all of our environments EXCEPT production we receive the “picture” key with the URL for the gravatar. I tried the custom actions for this project and it logs the URL perfectly fine in Auth0 control panel but even trying to add it manually via

  api.idToken.setCustomClaim('picture', {{basically anything}})

doesnt work, the key is just non-existant when we receive the idToken in production.

The picture claim would imply that scope profile was requested and then granted as part of the login transaction. Do you obtain other claims that are associated with the profile scope like name and updated_at?

If you do:

api.idToken.setCustomClaim('x_custom_picture', {{basically anything}});
api.idToken.setCustomClaim('https://claims.example.com/picture', {{basically anything}});

do you see any or both the claims above returned?

1 Like