<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UbTSAVOkta Classic EngineIntegrationsAnswered2024-04-30T09:18:25.000Z2016-08-22T00:56:01.000Z2019-08-21T08:59:43.000Z

TomF.32212 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Passing Custom Attributes with OpenID Connect
Hi there,

 

We are running a proof of concept and trying to get OIDC working.  It's going well so far but I'm struggling with passing custom attributes in the id_token.

 

If I go into profile editor and add a custom attribute to the app profile, e.g. 

oidc_client_1.Test_Reg_ID, it warns me that "local app attributes are only stored in Okta and not created in <App>"

 

I can create a mapping between an attribute in the user profile and the app profile:

 

user.Test_Reg_ID -> oidc_client_1.Test_Reg_ID

 

It populates correctly with the preview.

 

I then go into the app settings and click on people, then open up the 'edit user assignment window' the field Test_Reg_ID is blank.  If I manually put in a value, then it shows up in the id_token when I use scope 'profile'.

 

Is there anyway to map the attribute in the user profile to the app profile?  If not, what is the best way to get custom atrributes showing up in id_tokens?  I don't really want to have to open up every new user and manually populate the attribute.

 

Thank you,

Tom
  • 3 answers
  • 2.38K views

  • j5v7c (j5v7c)

    Hi Tom,

     

    This is a known issue that we will fix by the time our OpenID Connect feature is GA later this year. For the time being, you indeed have to update the app user profile manually. I sincerely apologize for the inconvenience, but feel free to contact our developers support directly at developers at okta dot com for further information.

     

    Thank you for your patience and understanding,

    Raphael.
    Expand Post
    Selected as Best

  • j5v7c (j5v7c)

    Hi Tom,

     

    This is a known issue that we will fix by the time our OpenID Connect feature is GA later this year. For the time being, you indeed have to update the app user profile manually. I sincerely apologize for the inconvenience, but feel free to contact our developers support directly at developers at okta dot com for further information.

     

    Thank you for your patience and understanding,

    Raphael.
    Expand Post
    Selected as Best

  • TomF.32212 (Customer)

    Thank you Raphael, good to know.

     

    Cheers

    Tom

  • KedarP.68556 (Customer)

    I have the similar issue, i am not able to send the app level profile attribute as a claim in access token.

     

    My scenario is

     

    1) i have created on custom attribute in my app user profile. lets say 

     

    oidc_client_8e7472g.test

     

    2) I am able to set value of it in group assignment at application > assignment page.

     

    3) But when i tried to create a custom claim on top of it (using oidc_client_8e7472g.test) it doesn't return anything.

    Expand Post
This question is closed.
Loading
Passing Custom Attributes with OpenID Connect