Passing Custom Attributes with OpenID Connect Skip to main content
https://support.okta.com/help/answers?id=906f0000000dfediao&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Tom FreemantleTom Freemantle 

Passing Custom Attributes with OpenID Connect

Hi there,

We are running a proof of concept and trying to get OIDC working.  It's going well so far but I'm struggling with passing custom attributes in the id_token.

If I go into profile editor and add a custom attribute to the app profile, e.g. 
oidc_client_1.Test_Reg_ID, it warns me that "local app attributes are only stored in Okta and not created in <App>"

I can create a mapping between an attribute in the user profile and the app profile:

user.Test_Reg_ID -> oidc_client_1.Test_Reg_ID

It populates correctly with the preview.

I then go into the app settings and click on people, then open up the 'edit user assignment window' the field Test_Reg_ID is blank.  If I manually put in a value, then it shows up in the id_token when I use scope 'profile'.

Is there anyway to map the attribute in the user profile to the app profile?  If not, what is the best way to get custom atrributes showing up in id_tokens?  I don't really want to have to open up every new user and manually populate the attribute.

Thank you,
Tom
Best Answer chosen by Tom Freemantle
Raphael LondnerRaphael Londner (Okta, Inc.)
Hi Tom,

This is a known issue that we will fix by the time our OpenID Connect feature is GA later this year. For the time being, you indeed have to update the app user profile manually. I sincerely apologize for the inconvenience, but feel free to contact our developers support directly at developers at okta dot com for further information.

Thank you for your patience and understanding,
Raphael.

All Answers

Raphael LondnerRaphael Londner (Okta, Inc.)
Hi Tom,

This is a known issue that we will fix by the time our OpenID Connect feature is GA later this year. For the time being, you indeed have to update the app user profile manually. I sincerely apologize for the inconvenience, but feel free to contact our developers support directly at developers at okta dot com for further information.

Thank you for your patience and understanding,
Raphael.
This was selected as the best answer
Tom FreemantleTom Freemantle
Thank you Raphael, good to know.

Cheers
Tom