Hey guys,
I just configured an OIDC enterprise connection to our existing IDP.
I give the claims: openid email profile
Login works and a user is created in Auth0.
However, none of the attributes (especially email) is added to the user.
Do I still need to do some sort of mapping somewhere?
I thought it was sufficient if they are returned in the ID token?
I came across this issue before, for example with connect2id or netID as IdP. Some IdPs require a claims parameter beside the scope parameter in the authorize request.
(It’s just an assumption that this might be the reason; I suggest giving it a try, or checking the docs of your IdP.)
So you would need to adjust/override the authorize URL that is fetched automatically via OIDC Discovery. Note that you would need to URL encode the parameter though. To edit the URL, go to the OIDC Enterprise configuration > Issuer URL > Show Issuer Details > Authorization Endpoint.
@andres.aguiar: Note to you - OIDC Enterprise does not automatically URL encode the query parameter while the Custom Social Connection extension does.
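To make the override concrete, here is an added example (not code from the thread or from Auth0) that builds the authorization endpoint URL with a percent-encoded `claims` parameter requesting `email` as an essential ID-token claim, decodes it back to confirm what the IdP will see, and checks a returned ID-token payload for the essential claims that are missing. The endpoint hostname and the token payloads are constructed placeholders.

```python
"""Build an OIDC authorization endpoint URL with a URL-encoded `claims` parameter.

Added example, not from the original thread. The endpoint is a constructed placeholder.
"""
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder, not a real IdP.
AUTHZ_ENDPOINT = "https://idp.example.test/oauth2/authorize"

# Claims request as defined in OpenID Connect Core 1.0, section 5.5:
# email is essential in the ID token; email_verified and name are voluntary (null).
CLAIMS_REQUEST = {
    "id_token": {
        "email": {"essential": True},
        "email_verified": None,
        "name": None,
    }
}


def authorize_endpoint_with_claims(endpoint: str, claims: dict) -> str:
    """Return the endpoint URL carrying the claims JSON as a percent-encoded query parameter.

    This is the form you would paste into an 'Authorization Endpoint' override:
    urlencode handles braces, quotes, colons and commas, so nothing is pasted raw.
    """
    compact = json.dumps(claims, separators=(",", ":"))
    return f"{endpoint}?{urlencode({'claims': compact})}"


def requested_claims(url: str) -> dict:
    """Decode the claims parameter back from a built URL (what the IdP will parse)."""
    query = parse_qs(urlsplit(url).query)
    return json.loads(query["claims"][0])


def missing_essential_claims(claims: dict, id_token_payload: dict) -> list:
    """List essential id_token claims absent from a returned ID-token payload.

    An empty list means the IdP honoured the request; a non-empty list is the
    symptom described in the thread (user created, but no email attribute).
    """
    wanted = claims.get("id_token", {})
    return sorted(
        name for name, spec in wanted.items()
        if isinstance(spec, dict) and spec.get("essential") and name not in id_token_payload
    )
```

Running `authorize_endpoint_with_claims(AUTHZ_ENDPOINT, CLAIMS_REQUEST)` yields a URL whose query begins with `claims=%7B%22id_token%22...`, which is the encoded form the answer above refers to.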