OpenID Connect User Mapping: how to map a url-namespaced custom claim

Hello. I’m working with an OpenID Enterprise connection, and trying to figure out how to map a url-namespaced custom claim.

I read through the docs, Configure PKCE and Claim Mapping for OIDC Connections, but they don’t mention how to access namespaced custom claims.

E.g., given a custom claim of “http://www.foobar.com/some_value”, how would I access it from the token set?

This is the rough idea of what I’m trying to do (doesn’t actually work due to invalid syntax)

{
  "attributes": {
    "email": "${context.tokenset}['http://www.foobar.com/some_value']"
  },
  "mapping_mode": "use_map"
}

Did you manage to find a solution for this? We’re working with AWS Cognito, and they default to their custom claims having the custom: prefix in the key, which Auth0 doesn’t allow due to invalid syntax, and I tried the same string in brackets thing that you pasted above.

We can use a Lambda to modify this at Cognito’s end, but asking all of our customers who might be using Cognito to do this might not be feasible.

Hi @enigma3319, @rushvora,

Welcome to the Auth0 Community!

This issue has been raised internally and, unfortunately, regardless of the syntax used, namespaced custom claims in OIDC attribute mapping have to comply with standard JS format, so they are currently not supported. It has already been added to the opportunity backlog, but if you feel like it, I would encourage creating a Product Feedback so it can reach more visibility and possibly get more votes in order to get implemented.

Thanks,
Remus

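The Cognito-side workaround mentioned in the thread (a Lambda that changes the claim names before Auth0 receives them), as an added example that is not part of any post above and is not Auth0 or AWS sample code: a pre token generation trigger (V1 event shape) that re-emits allowlisted `custom:` attributes under identifier-safe claim names. The allowlist, the underscore naming scheme and the sample event are assumptions made for illustration.

```javascript
// Added example: Cognito pre token generation trigger (V1 event shape).
// The allowlist, naming scheme and sample event are constructed for illustration.

// JS identifier shape: the form the Auth0 reply says mapped claim names must have.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Only attributes listed here are re-emitted, so a user-writable attribute
// is never exposed under a new claim name by accident.
const ALLOWED = new Set(["custom:tenant_id", "custom:department"]);

// "custom:tenant_id" -> "custom_tenant_id"; null if the result is still unusable.
function safeName(attr) {
  const name = attr.replace(/[^A-Za-z0-9_$]/g, "_");
  return IDENTIFIER.test(name) ? name : null;
}

function buildOverrides(userAttributes) {
  const out = {};
  for (const [attr, value] of Object.entries(userAttributes || {})) {
    if (!ALLOWED.has(attr)) continue;
    const name = safeName(attr);
    // Skip unusable names and never shadow an attribute that already exists.
    if (!name || name in userAttributes || name in out) continue;
    out[name] = String(value);
  }
  return out;
}

const handler = async (event) => {
  event.response = event.response || {};
  event.response.claimsOverrideDetails = {
    claimsToAddOrOverride: buildOverrides(event.request.userAttributes),
  };
  return event;
};

// Export for Lambda when loaded as a CommonJS module.
if (typeof module !== "undefined") module.exports = { handler };

// Constructed sample event, trimmed to the fields used here.
const sampleEvent = {
  request: {
    userAttributes: { email: "a@example.com", "custom:tenant_id": "t-42", "custom:notes": "x" },
  },
  response: {},
};
```

The renamed claim is added alongside the original `custom:` attribute rather than replacing it, so other relying parties that read the original name are unaffected.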