Auth0 Home Blog Docs

OIDC-conformant no user_metdadata recieved


OIDC-conformant is enabled in my application and my scope contain user_metadata
Scope = “openid email profile user_metadata app_metadata picture”

but iam not recieving any user_metadata in claims.
im developing using c#
string userMetadata = ((ClaimsIdentity)User.Identity).FindFirst(“user_metadata”)?.Value
return always null, Any help?


Hello @samer13us,

You can add data from user_metadata and app_metadata to your tokens by using custom claims.

1 Like

can you provide me sample code ?


If you go to ‘Rules’ in your tenant and click ‘Add Rule’, you’ll get a page of templates for many common scenarios. The code for the templates are also available here:

A typical “add attribute to claim” rule looks something like (I don’t know javascript so there may be better ways to do this):

function (user, context, callback) {
  if (user.app_metadata.my_attribute) {
    context.accessToken[''] = user.app_metadata.my_attribute; 
  callback(null, user, context);

sorry, but no clear steps exists no example from a to z To show the case


Hello @samer13us,

There are plenty of well documented examples in the documentation, but here is one of my own. If you have, for example, the following in app_metadata:

"app_metadata": {
    "roles": [

Then the following rule will add the list of roles to the ID token:

function (user, context, callback) {
  // Adds roles list to idToken.
  user.app_metadata.roles = user.app_metadata.roles || [];
  context.idToken[""] = user.app_metadata.roles; 
  callback(null, user, context);

Dear this is what i did:
i added new rule -->

function (user, context, callback) {
  const namespace = '';
  context.idToken[namespace + 'picture'] = user.picture;
  context.idToken[namespace + 'color'] = user.user_metadata.color;
  callback(null, user, context);

but still when logged in no user_metadata received in ((ClaimsIdentity)User.Identity)?
how to extract the user_metadata from ((ClaimsIdentity)User.Identity) not from calling API" + nameIdentifier)


OK finally i solve it by doing the following :
1.go to your dashboard on rules
3.add new rule (empty rule)
4.copy/past this script
Note don’t use your auth0 app domain ,use your original domain

   function (user, context, callback) {
  var namespace = '';   
   if (context.idToken && user.user_metadata) {
    context.idToken[namespace + 'user_metadata'] = user.user_metadata;
  if (context.idToken && user.app_metadata) {
    context.idToken[namespace + 'app_metadata'] = user.app_metadata;
  callback(null, user, context);

6. you will receive the user_metadata with ((ClaimsIdentity)User.Identity)
this is in C# :

string userMetadata = ((ClaimsIdentity)User.Identity).FindFirst("")?.Value;


Hello @samer13us,

I’m glad you were able to get this working. Just a couple notes:

  1. The namespace is just a URL formatted string and can be anything. It does not need to be a functioning URL. As you have noted, it is common practice to use a string based on your own domain name since this should always be unique,
  2. It is a best practice to minimize the amount of data you include in your tokens. Including all of app_metadata and user_metadata will work, but the recommended practice is to include just those attributes your application requires.

All the best.

closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.