Namespaced claim replaces period (.) with colon (:)

Hi Blake,

You are right, the dot/period . is not allowed in a user profile’s field names, not just in app_metadata or user_metadata.
If you try to update the user profile with the following payload, it will fail with the error Fields with \".\" are not allowed, please remove all dotted fields. Example: user_metadata.foo.bar

{
    "user_metadata": {
        "foo.bar" : 12345
    }
}

However, if the user profile is from an external IdP, such as an OIDC connection in your case, we cannot control the field names of the user profile from the IdP, and it’s not worth rejecting the authentication just because we don’t like the dot in the IdP’s user profile. So we replace them with colon :.

As a workaround, you could use the following regex in a rule in the 2nd tenant to replace the colon in the field names back to dot:

// change the colon back to dot in the namespaced URL
let new_claim = claim.replace(/(?<!(http|https)):/g, '.');
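The workaround above, applied to a whole profile, as an added example that is not part of the original post or Auth0's own code. It goes a little further than the one-line regex: only keys that start with http:// or https:// are rewritten, and a rename that would overwrite another claim is rejected instead of silently merging values that may drive authorization. The function names and the sample profile are hypothetical.

```javascript
// Added example: restore dots in namespaced claim names that arrived from an
// upstream tenant with "." replaced by ":". Names are hypothetical.
// Assumption: namespaced claims are the keys starting with http:// or https://.
// Limitation: a colon that was genuinely part of the original name (a port,
// for instance) cannot be told apart from a replaced dot.
const NAMESPACE_RE = /^https?:\/\//;

function restoreClaimName(name) {
  const m = NAMESPACE_RE.exec(name);
  if (!m) return name; // not a namespaced URL (e.g. a urn: key), keep as is
  const scheme = m[0]; // "http://" or "https://", its colon is preserved
  return scheme + name.slice(scheme.length).replace(/:/g, '.');
}

function restoreNamespacedClaims(profile) {
  const out = new Map();
  const renamed = [];
  for (const [key, value] of Object.entries(profile)) {
    const fixed = restoreClaimName(key);
    // Two source keys mapping to one name would let one claim overwrite
    // another, so fail closed rather than pick a winner.
    if (out.has(fixed)) {
      throw new Error(`claim name collision on ${fixed}`);
    }
    if (fixed !== key) renamed.push([key, fixed]);
    out.set(fixed, value);
  }
  // Object.fromEntries defines plain data properties, so an unexpected
  // "__proto__" key in the input cannot change the result's prototype.
  return { profile: Object.fromEntries(out), renamed };
}

// Constructed sample profile, as the 2nd tenant might receive it.
const sample = {
  'https://example:com/roles': ['admin'],
  'urn:example:tenant': 'a',
  email: 'user@example.com'
};

const result = restoreNamespacedClaims(sample);
console.log(result.renamed); // which claim names were changed
console.log(Object.keys(result.profile));
```

Logging the `renamed` pairs makes it visible when an upstream claim name changes shape, which otherwise shows up only as a missing role downstream.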