Auth0 Home Blog Docs

Only include specific claims in UserInfo (OIDC Compliant Flow)



When adopting the OIDC compliant flows in Auth0, app_metadata and user_metadata are not included in the userinfo endpoint any longer. To include custom claims in the userinfo endpoint, we now need to add namespaced claims to the id_token using a rule.

context.idToken[namespace + ‘example’] = user.user_metadata.example;

My question is, is it possible to include custom claims in the userinfo endpoint and not include them in the id_token?

As far as i understand, we have to include any custom claims in the id_token for them to show up in the userinfo endpoint. If so, then why use the userinfo at all?