PKCE Facebook Authentication id_token missing values

ah420 · March 17, 2022, 7:41pm

Hi, I am using PKCE flow in my react native app to call /oauth/token to authenticate users who sign in with Facebook. I’m receiving the access_token and id_token successfully but the id_token is missing some information, namely gender and birthday. I can see these permissions are working fine in my Facebook dev console and in auth0 since when I go into user management and click on my account the information is there, but it’s just not being returned with the rest of the values in the id_token. Do you know why this is? I’ve posted snippets below with some PID removed:

			let authUrl = `${global.A0_DOMAIN}/authorize?` + this.toQueryString({
				audience: global.A0_API_AUDIENCE,
				client_id: global.A0_CLIENT_ID,
				response_type: 'code',
				connection,
				scope: 'openid profile email offline_access',
				redirect_uri: redirectUrl,
				nonce: 'test',
				code_challenge: challenge,
				code_challenge_method: "S256",
				max_age: 1,
				prompt: 'select_account'
			});


			const result = await AuthSession.startAsync({
				authUrl: authUrl
			});

				let res = await axios({
					method: 'post',
					url: <java endpoint that calls /oauth/token>,
					data: {code, verifier, redirect: redirectUrl}
				});

Java call to /oauth/token:

        HttpResponse<OauthTokenDto> response = Unirest.post(auth0Issuer + "oauth/token")
                .header("content-type", "application/x-www-form-urlencoded")
                .body("grant_type=authorization_code&client_id=" + CLIENT_ID + "&code_verifier=" + data.getVerifier() + "&code=" + data.getCode() + "&redirect_uri=" + data.getRedirect())
                .asString();

decoded returned id_token:

{
  "https://.../is_new": false,
  "given_name": "FName",
  "family_name": "LName",
  "nickname": "NName",
  "name": "Name",
  "picture": "www.google.com",
  "updated_at": "2022-03-17T19:03:28.964Z",
  "email": "...@....com",
  "email_verified": true,
  "iss": "https://..../",
  "sub": "facebook|12345",
  "aud": "t09yZwzUkAprp7buH83DRfyDV6dItVFB",
  "iat": 1647543813,
  "exp": 1647579813,
  "auth_time": 1647543803,
  "nonce": "test"
}

How can I add the gender and birthday to the id_token? Everything I see says I need to add the openid profile scope but I already have that. Thanks

ah420 · March 17, 2022, 8:57pm

Actually on a second look the gender isn’t even being added to the user’s profile in auth0, only the birthday. Even though it’s requesting the gender permission from Facebook it doesn’t get added to the profile. Is there a way to add the gender to the profile without having to make a call to Facebook Graph API every time?