Custom Profile Attributes not Included in getUser response

I’ve read other articles about this but I’m still not able to get it working.
After I get the idToken and accessToken back from a successful login, I use:

let accessToken;

oktaAuth.tokenManager.get(‘accessToken’).then((token) => {
accessToken = token.accessToken;

oktaAuth.getUser(accessToken).then((info) => {

I’m only seeing a reduced set of fields from the user’s profile, not to mention that I’m not getting my custom attribute.

I added the custom attribute to my application’s user profile, not the default profile. I also tried mapping the attribute to the default profile (although I don’t like this solution because I believe it will affect other applications on the auth server).

How do I get the full user profile including the custom attributes?

I’m using the Okta Sign In Widget with Javascript/React.

getUser() method makes a call to /userinfo endpoint and returns its response. The claims returned in the response depends on what type of authorization server you use. Based on your description you might be using a custom authorization server which will not return custom attributes with default configuration. You might have to setup claims to return them. Here is an article on How to Add Custom Attributes of User Profile as Claims in Tokens

Thanks for the response. I’m using the default application server.

I’ve read that article and many like it. I can’t get any of these things to work. If I add ‘address’ to my scopes, I can get the address fields to return. That’s about the only deviation I can get.

I believe my mappings are correct because when I preview the user in the profile mapping tool, the customized values show up correctly.

So the question remains the same: How do I get the custom attributes to return from a default authorization server?

As mentioned in the article I attached earlier, custom attributes are not added as claim automatically when using custom authorization sever (which you are using). You will have to create claims for the ones you want as part of getUser response. Here is how (from the article)

If using a custom authorization server to mint the token (Security > API > Authorization Servers), create a custom claim and give an expression like appuser.{$customAttribute} in the Value field and choose a token type (ID Token/ access token) in which this custom attribute should be.

1 Like

I’m using a custom attribute in the profile. Does that imply that I’m using a custom authorization server because it’s configured with a custom attribute?

The article also says this:

I took that to mean that all I have to do is the mapping. Is that not true?

Because this is what my auth servers look like:

Also, if I have to get my user to add a custom claim to their Okta server when they install my product, will that incur a further cost for them?

Here is a document explaining difference types of authorization serves and which one to use for your use case. Based on your screenshot you are using default custom authorization sever.

As far as cost related to products, you customer might have to refer to your account executive for info. But in general add a claim by itself should not add additional cost as of now.

I was able to get it working using the custom claim as described in the article:

However, the article says that it shouldn’t be needed if I’m using the default authorization server, as I am for my particular SPA. So that’s where the confusion was.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.