0D54z0000A4QGmmCQG | Okta Classic Engine | Administration | Answered | 2025-05-03T09:01:12.000Z | 2024-03-28T23:55:07.000Z | 2024-04-01T22:57:05.000Z

7wpoz (7wpoz) asked a question.

Why can't I see full attributes and claims for my application

I created an application integration (OIDC, Web Application) and assigned a user to the application. From the Okta Admin UI, it says: Claims for this token includes all user attribute on the app profile.


But if I go to the third-party application, it seems like it's not seeing all the attribute and claim info in the token. It's missing info like user email, title, etc. See output (with data altered):

Attributes:
  issuer:      https://trial-123456.okta.com
  subject:     00xxxxgpi2m1XXXXXX
  token_claims:
  {
    "amr": [
      "swk",
      "okta_verify"
    ],
    "at_hash": "4xxxxQC5gn2WxmtLxxxXXXX",
    "aud": "0oacqqejxcUBxxxxxxx",
    "auth_time": 1711667741,
    "exp": 171112345,
    "iat": 171112345,
    "idp": "00oxxxq78kjXi12345",
    "iss": "https://trial-123456.okta.com",
    "jti": "ID.XXXXXXXbch8tc6j1DoxZakjM_guxFJjAmXXXXXXX",
    "nonce": "EZxxx7KrMwXXXXXXX",
    "sub": "00uxxxgpi2XXXXXXXX",
    "ver": 1
  }
  userinfo_claims:
  {
    "sub": "00uxxxgpi2XXXXXXXX"
  }


  • paul.stiniguta (Okta, Inc.)

    Hello @7wpoz (7wpoz), thank you for reaching out to our Community!

    I was able to find an article that should provide some insight on this issue, please see below:

    https://support.okta.com/help/s/article/Okta-Groups-or-Attribute-Missing-from-Id-Token?language=en_US


    Additionally, if you need further assistance, we recommend leveraging the Okta Developer forums for this type of question and taking advantage of their expertise.

    https://devforum.okta.com/

    Selected as Best
  • 7wpoz (7wpoz)

    Hi @paul.stiniguta (Okta, Inc.), thank you for the reply. Seems like even after adding the additional claims to my default auth server (as instructed by the article), I don't see the claim info on the token. Attached screenshot of my default auth server claims setting. Is it ok to use my default auth server, or do I need to create a new auth server? Any other advice to check? Should I check settings on my Okta application as well? Thank you!
  • 7wpoz (7wpoz)

    So it looks like the issue was the scope on the app client request. I had to set the scope to "groups" or "profile" or some of the other scopes to see additional attribute and group info. Weird that the "openid" scope didn't include this in the ID token (even though the token preview does show the groups info). Anyway, thank you @paul.stiniguta (Okta, Inc.)

This question is closed.
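
The resolution in the last reply, shown as an added example that is not part of the original thread: a check that compares the scope parameter of the authorization request with the claims actually received and reports which scopes the client still needs to request. The scope-to-claim table follows OpenID Connect Core 1.0 section 5.4; the "groups" claim name, the authorize path, the client ID, the redirect URI and the sample token are assumptions constructed for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# Scope -> claims per OpenID Connect Core 1.0, section 5.4.
# "groups" is not in that spec; the thread names it, and the claim name is assumed.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
    "groups": {"groups"},
}

def requested_scopes(authorize_url):
    """Scopes carried by the scope parameter of an authorization request URL."""
    query = parse_qs(urlparse(authorize_url).query)
    return set(query.get("scope", [""])[0].split())

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def scopes_to_add(authorize_url, token, wanted_claims):
    """Scopes absent from the request that carry wanted claims missing from the token."""
    missing = set(wanted_claims) - set(jwt_claims(token))
    asked = requested_scopes(authorize_url)
    return sorted(s for s, names in SCOPE_CLAIMS.items()
                  if s not in asked and names & missing)

def _b64(obj):
    """Helper for building the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a request with only "openid" and an ID token shaped like the thread's.
SAMPLE_URL = ("https://trial-123456.okta.com/oauth2/v1/authorize?client_id=EXAMPLE_CLIENT_ID"
              "&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fapp.example%2Fcb")
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}),
                         _b64({"iss": "https://trial-123456.okta.com",
                               "sub": "00uxxxgpi2XXXXXXXX", "ver": 1}),
                         "constructed-signature"])

if __name__ == "__main__":
    print(scopes_to_add(SAMPLE_URL, SAMPLE_TOKEN, ["email", "name", "groups"]))
```

An empty result while claims are still missing means the scopes were requested, so the cause lies elsewhere (for example in the authorization server's claim configuration discussed earlier in the thread).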