OIDC enterprise connection claim mapping

Hey guys,
I just configured an OIDC enterprise connection to our existing IDP.
I give the claims: openid email profile
Login works and a user is created in Auth0.
However, none of the attributes (especially email) is added to the user.
Do I still need to do some sort of mapping somewhere?
I thought it is sufficient if they are returned in the idtoken?

Thanks,
Markus

Hi @markus3,

Welcome to the Auth0 Community Forum!

Can you explain a little bit more about your implementation?

Are you using an SDK? Can you post the code you wrote to get the tokens and user profile?

Thanks,
Dan

Hi @markus3

What IdP are you connecting to? Are you sure the id_token is generated with the proper claims?

Thanks!

I came across this issue before, for example with connect2id or netID as IdP. Some IdPs require a claims parameter beside the scope parameter in the authorize request.

Such as:

https://my.identityprovider.xyz/authorize?claims={"userinfo":{"birthdate":{"essential":true},"gender":{"essential":true},"email": {"essential":true},"email_verified": {"essential":true},"given_name": {"essential":true},"family_name":{"essential":true},"phone_number":{"essential":true},"phone_number_verified":{"essential":true}}}

(It’s just an assumption that this might be the reason; I suggest giving it a try, or checking the docs of your IdP.)

So you would need to adjust/override the authorize URL that is fetched automatically via OIDC Discovery. Note that you would need to URL encode the parameter though. To edit the URL, go to the OIDC Enterprise configuration > Issuer URL > Show Issuer Details > Authorization Endpoint.

@andres.aguiar: Note to you - OIDC Enterprise does not automatically URL encode the query parameter while the Custom Social Connection extension does.

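An added example, not code from the thread or from Auth0, showing the mechanics of the post above: building the authorize request with a JSON `claims` parameter that is URL-encoded rather than pasted raw, decoding it back to confirm it survived, and listing which claims marked essential the IdP still failed to return (the situation in the opening post, where email never reached the user profile). The endpoint, client id, redirect URI and the sample ID token payload are constructed for the example.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed endpoint for the example; it matches no real IdP.
AUTHORIZE_ENDPOINT = "https://my.identityprovider.xyz/authorize"

# Constructed OIDC claims request: ask for these claims in the ID token.
CLAIMS_REQUEST = {
    "id_token": {
        "email": {"essential": True},
        "email_verified": {"essential": True},
        "given_name": {"essential": True},
    }
}

# Constructed decoded ID token payload in which the IdP omitted given_name.
SAMPLE_ID_TOKEN = {"sub": "abc123", "email": "markus@example.com", "email_verified": True}


def build_authorize_url(client_id, redirect_uri, claims, scope="openid email profile"):
    """Build an authorization request whose `claims` parameter is URL-encoded.

    urlencode percent-encodes the braces, quotes and colons of the JSON, which is
    the step the post says you must do yourself when overriding the endpoint.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "claims": json.dumps(claims, separators=(",", ":")),
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def requested_claims(url):
    """Decode the `claims` query parameter of an authorize URL back into a dict."""
    query = parse_qs(urlsplit(url).query)
    return json.loads(query["claims"][0])


def missing_essential_claims(claims, token_claims):
    """List claims marked essential in the request that are absent from the token.

    Both the id_token and userinfo sections are checked; a claim requested with a
    null spec (allowed by OIDC) is treated as voluntary and skipped.
    """
    missing = []
    for section in ("id_token", "userinfo"):
        for name, spec in claims.get(section, {}).items():
            if spec and spec.get("essential") and name not in token_claims:
                missing.append(f"{section}.{name}")
    return sorted(missing)
```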