Custom user properties and user object discrepancies

sdunning · October 26, 2021, 9:48pm

I have custom user properties defined at the application level for users. I think that I figured out the answer to my first question but I’ll go ahead and ask anyway.

When retrieving a user via /api/v1/users/${userId} I do not see any custom properties returned in the profile. The /api/v1/apps/${applicationId}/users/${userId} will return the user with custom properties I need. My question is: Is the apps API the only method in which I can get custom properties. If so that is problematic in that my app has to know the application Id which of course I do not store in my application and would necessitate a bunch of extra api calls along with knowledge of at least the app name by my application in order to query for the id
Second question: Why the discrepancy between the user object returned via the users API (User object) and the apps API (Application User object). For example the former returns firstname and lastname while the latter returns given_name and family_name. I see that happens in the Okta app mappings but why?? It will make it difficult to use a common schema if I need to interact with both API’s. There are other differences such as the contents of the credentials property that aren’t part of the mapping. Any suggestions for dealing with the differences?

Some background: I’m building a custom interface in my application for maintaining user profiles and in most cases the users API would meet the needs, however, in a particular use case I need to search for users having a certain value in a custom property.

sdunning · October 26, 2021, 10:15pm

I kind of see how/why the Okta app user is different in that the Okta app is about scoping things for OAuth authentication purposes just a bummer the Okta user profile wasn’t made to match but I’m sure there was a reason for that.

Anyway, it’s making me rethink my design a bit. I am storing authorization data for my application into the custom properties. The reason for putting them into the Okta apps is that I wanted to sandbox them for our different environments (dev, staging, production, etc.) into separate apps in order for users to have different permissions in each environment.

sdunning · October 27, 2021, 1:24pm

I think that I have a working solution and wanted to float it here to get feedback.

If I move the custom property from the Okta app into the default user profile and then map it both ways in the application profile I would then have access to it in one place in the user profile. What I’m unsure about and wanted to validate is that the mapped attribute is still available to my authorization serve’s claims?

This is an example of the current claims in my auth server for the app level custom properties

Name                Value                       Scopes    Type   Included
user_permissions	appuser.user_permissions	profile	access	Always

sdunning · October 27, 2021, 6:14pm

Moving the custom attribute from appuser.profile to user.profile looks like it will accomplish what I need.

system · October 28, 2021, 6:14pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Inconsistency of custom attributes in api responses OAuth/OIDC	2	1672	February 15, 2024
Authenticated as users, how do you get and modify custom attributes for users in your app? API api	5	7829	January 24, 2024
Get User information including Custome attributes API	2	6246	August 23, 2017
Attribute mappings and custom claims in /userinfo API	7	3357	December 28, 2022
Custom Profile Attributes not Included in getUser response OAuth/OIDC	7	1383	March 20, 2024

Custom user properties and user object discrepancies

Related Topics