When adopting the OIDC compliant flows in Auth0, app_metadata and user_metadata are not included in the userinfo endpoint any longer. To include custom claims in the userinfo endpoint, we now need to add namespaced claims to the id_token using a rule.
context.idToken[namespace + 'example'] = user.user_metadata.example;
My question is, is it possible to include custom claims in the userinfo endpoint and not include them in the id_token?
As far as I understand, we have to include any custom claims in the id_token for them to show up in the userinfo endpoint. If so, then why use the userinfo at all?
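
The rule line quoted in the question, shown in the context of a whole rule, as an added example that is not part of the original post. It copies only an allowlist of metadata keys into namespaced claims on the ID token and tolerates users with no metadata; the namespace URL, the allowlist, the `roles` key and the `runRule` helper are assumptions made for illustration.

```javascript
// Added example: an Auth0 rule body plus a small helper to run it offline.
const NAMESPACE = 'https://example.com/'; // assumption: a URL you control

// Assumption: only these metadata keys may leave the user profile as claims.
// Anything not listed here (for example internal flags) is never copied.
const ALLOWED = {
  user_metadata: ['example'],
  app_metadata: ['roles'], // hypothetical key
};

// Rule signature used by Auth0 rules: (user, context, callback).
function addNamespacedClaims(user, context, callback) {
  context.idToken = context.idToken || {};
  for (const [source, keys] of Object.entries(ALLOWED)) {
    const metadata = user[source] || {}; // metadata can be absent on a user
    for (const key of keys) {
      if (metadata[key] !== undefined) {
        context.idToken[NAMESPACE + key] = metadata[key];
      }
    }
  }
  callback(null, user, context);
}

// Helper (hypothetical): runs the rule against a constructed user object
// and returns the claims the rule placed on the ID token.
function runRule(user) {
  let claims;
  addNamespacedClaims(user, { idToken: {} }, (err, _user, ctx) => {
    if (err) throw err;
    claims = ctx.idToken;
  });
  return claims;
}

// Constructed sample user: 'internal_note' is not allowlisted and is dropped.
const sample = {
  user_metadata: { example: 'value', internal_note: 'do not expose' },
  app_metadata: { roles: ['reader'] },
};
console.log(runRule(sample));
```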