Attribute mappings and custom claims in /userinfo


For the OIDC authorization code flow, when I make a request to /userinfo with the access token, it only returns these attributes:

  • sub
  • name
  • locale
  • email
  • preferred_username
  • given_name
  • family_name
  • zoneinfo
  • updated_at
  • email_verified

However, there are some extra attribute mappings on the app profile mapping. I can validate it via preview and see that user.primaryPhone is also mapped.

Additionally, I configured a custom claim as below. But still, I don’t see this attribute in the response body returned from the /userinfo endpoint. Is there anything I’m missing here?


Which authorization server are you making a request to, aka, what’s the iss claim in your token/what is the request URL?

Side note, if you want the user’s phone number, make sure to request the phone scope.

The default auth server, the iss claim is the Okta server URL, and the URL I’m making the request to is okta_server_url/oauth2/v1/userinfo
I also tried sending extra query params as “openid profile email phone address” but it didn’t work.

Hmm… And the user you’re testing with definitely has values for these attributes? Are the values only present in the Okta user profile (aka Universal Directory, or UD) or are they also mapped into the application user profile?

Yes, I validated it in two ways. I can see those attributes on the profile editor preview page, and the token preview page.
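
Added example (not part of the thread, and not Okta's code): a troubleshooting helper that reads the iss and granted scopes from the access token, as asked above, and compares the /userinfo response against the claims each standard OIDC scope requests. The token, issuer and values are constructed placeholders, and the signature is not verified, so this is for diagnosis only.

```python
import base64
import json

# OIDC Core 5.4: the claims each standard scope requests.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}
STANDARD = set().union(*SCOPE_CLAIMS.values()) | {"sub"}

def jwt_payload(token):
    """Decode (not verify) a JWT payload; for troubleshooting only."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def granted_scopes(payload):
    # Okta access tokens list scopes in an "scp" array; other servers use a
    # space-separated "scope" string. Accept both.
    raw = payload.get("scp", payload.get("scope", []))
    return set(raw.split()) if isinstance(raw, str) else set(raw)

def diagnose(token, userinfo):
    payload = jwt_payload(token)
    scopes = granted_scopes(payload)
    return {
        "iss": payload.get("iss"),  # tells you which authorization server issued it
        "not_granted": [s for s in SCOPE_CLAIMS if s not in scopes],
        "granted_but_empty": [s for s, c in SCOPE_CLAIMS.items()
                              if s in scopes and not c.intersection(userinfo)],
        "custom_claims": sorted(set(userinfo) - STANDARD),
    }

def b64json(obj):
    # Helper used only to build the constructed sample token below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder issuer, scopes and values (not a real tenant).
SAMPLE_TOKEN = ".".join([b64json({"alg": "RS256"}),
    b64json({"iss": "https://example.invalid", "scp": ["openid", "profile", "email"]}),
    "sig"])
SAMPLE_USERINFO = dict.fromkeys(
    ["sub", "name", "locale", "email", "preferred_username", "given_name",
     "family_name", "zoneinfo", "updated_at", "email_verified"], "constructed")

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_TOKEN, SAMPLE_USERINFO), indent=2))
```

A scope under `not_granted` was never issued in the token, while one under `granted_but_empty` was issued but produced no claims, which points at the profile or mapping rather than the request.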