I have a custom-build OIDC client that normally connects to an identity provider built with IdentityServer3. Now I’m trying to migrate to Auth0.
Apart from some HS256/RS256 confusion, all I had to do was switch provider URL and enter the appropriate client ID and secret, and I could login an existing user using Auth0.
However, when the Auth0 user is new from the point of view of my application, the application needs to download the user’s profile via the userinfo endpoint.
The IdentityServer3-based provider returns claims such as given_name in the returned object, which if I read the OIDC spec correctly is expected:
How can I make Auth0 do the same thing?
Since I don’t really know how to edit the profile data in Auth0, I added given_name to user_metadata. But the result is that the userinfo response object contains user_metadata/given_name, and my client code doesn’t understand user_metadata.