0D51Y0000AZZhdESQT | Okta Identity Engine | API Access Management | Answered | 2026-02-08T09:02:36.000Z | 2021-03-03T14:01:46.000Z | 2021-03-05T18:40:25.000Z

pt3sg (pt3sg) asked a question.

Okta to Okta OAUTH2 federation

We have created an Okta to Okta federated trust OAUTH2 and that works. However, we can’t get the right information from one instance to the other, meaning we are not able to get fields with the right content.

We found one article stating that instead of calling OpenID and Profile, if we call user info it will get all the required attributes: “For certain flows like authorization code flow, when both the token types are requested in the response, you may not be seeing all the claims in the token, this is due to "thin" tokens (tokens that may not have all the claims due to performance reasons). In such cases, please use /userinfo endpoint that returns all the claims” from here: https://support.okta.com/help/s/article/How-to-add-custom-attributes-of-user-profile-as-claims-in-token?language=en_US

We don't know how to configure that in both Oktas. Can somebody share a manual please?

 


  • sandeepk.84743 (Wipro Technologies)

    Hi Martin,

     

    Here is the answer that worked for me,

    In order to add new claims to appear on your Okta org’s /userinfo endpoint, please go in your Admin dashboard to API >> Authorization Servers >> default >> Claims tab. From here, please select “Add Claim” and, in the section “Include in token type”, select “ID Token” and “Userinfo / id_token request” instead of “Always”.

     

    You will need to pass scope as scope=openid+email+profile in the url. Yes, with the plus signs in the URL. I am posting it here as this information was not easy to find.

     

    Let me know if that works for you!!

     

    Best

    Sandeep Khurana

     

     

This question is closed.
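
The request and /userinfo call discussed in this thread, as an added example (not part of the original posts and not Okta's own code). It assumes the `default` custom authorization server with its endpoints under `/oauth2/default/v1/`; the org domain `example.okta.com`, client ID, redirect URI and all sample claims are constructed placeholders. It also checks that the `sub` returned by /userinfo matches the `sub` in the ID token before merging, as OpenID Connect requires.

```python
import base64, json, secrets
from urllib.parse import urlencode
from urllib.request import Request

# Assumed issuer: hypothetical org domain, "default" custom authorization server.
ISSUER = "https://example.okta.com/oauth2/default"

def authorize_url(client_id, redirect_uri, state, nonce):
    """Authorization code request; urlencode() turns the spaces between scopes into '+'."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid email profile",
        "redirect_uri": redirect_uri,
        "state": state,   # CSRF protection, checked on the callback
        "nonce": nonce,   # must come back inside the ID token
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"

def userinfo_request(access_token):
    """Request for /userinfo, authenticated with the access token as a bearer token."""
    return Request(f"{ISSUER}/v1/userinfo",
                   headers={"Authorization": f"Bearer {access_token}"})

def id_token_claims(id_token):
    """Decode the JWT payload for inspection only; verify the signature separately."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def merge_claims(id_token, userinfo):
    """Combine a thin ID token with the /userinfo response, rejecting a sub mismatch."""
    claims = id_token_claims(id_token)
    if userinfo.get("sub") != claims.get("sub"):
        raise ValueError("userinfo 'sub' does not match ID token 'sub'")
    only_in_userinfo = sorted(set(userinfo) - set(claims))
    return {**claims, **userinfo}, only_in_userinfo

def _b64(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: a thin ID token and a fuller /userinfo response.
SAMPLE_ID_TOKEN = ".".join([_b64({"alg": "RS256"}),
                            _b64({"sub": "00u1example", "iss": ISSUER}), "sig"])
SAMPLE_USERINFO = {"sub": "00u1example", "email": "user@example.com", "department": "IT"}

if __name__ == "__main__":
    print(authorize_url("0oa1exampleclient", "https://app.example.com/callback",
                        secrets.token_urlsafe(16), secrets.token_urlsafe(16)))
    print(merge_claims(SAMPLE_ID_TOKEN, SAMPLE_USERINFO))
```
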