Ricardo Morin

Include custom attributes in OpenId Connect id_token?

Hi,

How could I add custom user profile attributes in the id_token returned by the Okta OpenId Connect authentication? Is there a way to define custom scopes that would return one or several user profile attributes associated with those scopes?

Thank you,

Ricardo
Ricardo Morin

Ok, I am going to go ahead and answer my own question here, in case someone else runs into the same scenario.

If you add a custom field to an application user profile, it will be automatically added to the id_token if the "profile" scope is requested. It is that simple.

However, I have not found a way to define a custom scope that would return only a subset of the custom fields defined. But that is not a show stopper for me.
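
To see which custom profile fields actually land in an id_token when the "profile" scope is requested, as the answer above describes, the token payload can be decoded and compared against the standard OpenID Connect claims. This is an added example, not part of the original thread or Okta's own code; the sample token and the attribute names employeeNumber and costCenter are constructed, and the signature is deliberately not verified because the code only inspects the payload.

```python
import base64
import json

# Claims defined by OpenID Connect Core (ID Token claims and the claims of the
# standard profile/email/address/phone scopes) plus registered JWT claims.
STANDARD_CLAIMS = {
    "iss", "sub", "aud", "exp", "iat", "nbf", "jti", "auth_time", "nonce",
    "acr", "amr", "azp", "at_hash", "c_hash",
    "name", "family_name", "given_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "gender",
    "birthdate", "zoneinfo", "locale", "updated_at",
    "email", "email_verified", "address",
    "phone_number", "phone_number_verified",
}

def decode_payload(id_token):
    """Return the claims of a compact JWT WITHOUT verifying its signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def custom_claims(id_token):
    """Claims that are not standard OIDC claims, e.g. custom profile fields."""
    claims = decode_payload(id_token)
    return {k: v for k, v in claims.items() if k not in STANDARD_CLAIMS}

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: an id_token-shaped value with two hypothetical custom
# profile attributes. The third part is a placeholder, not a real signature.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://idp.example.test", "sub": "00u-constructed",
             "aud": "client-constructed", "exp": 1700003600, "iat": 1700000000,
             "name": "Sample User", "preferred_username": "sample.user",
             "employeeNumber": "E-1042", "costCenter": "CC-77"}),
    "c2ln",
])

if __name__ == "__main__":
    for claim, value in sorted(custom_claims(SAMPLE_TOKEN).items()):
        print(f"custom claim exposed to the client: {claim} = {value!r}")
```

Since every custom field rides along with the "profile" scope, running this over a real token from a test tenant shows exactly which attributes each relying party receives.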

Raphael Londner (Okta, Inc.)
Hi Ricardo,

You are correct that you cannot add custom scopes with our OpenID Connect implementation. You will need to get access to our API Access Management (https://www.okta.com/blog/2016/08/api-access-management/) product which is currently in beta. You can sign up to be part of the beta for that new product at https://oktabeta.zendesk.com if that is of interest to you.

Ewan Chilton
Hi Raphael,

Can you clarify a bit? Are you saying that the access token will not contain claims that we set up when using OpenId Connect?

I can get them with the OAuth ResourceOwner Flow.