Email claim inside id_token

I tried to add ‘email’ as a claim in id_token, but when I tried to use ‘email’ it complained ‘The claim name must be unique within an authorization server.’

Everything works if I use some other name like ‘user_email’, but I would like to use ‘email’.

How can I accomplish this?

Thank you!

If you request the “email” scope, we will automatically include this value in the ID token as the “email” claim, which is why you are seeing this error. Details about the scope-dependent claims can be found here: OpenID Connect & OAuth 2.0 API | Okta Developer

Thank you very much for your quick reply. So I added scope & response_type to my call, but I still don’t get email. It looks as follows:

https://<my okta domain>/oauth2/default/v1/token
response_type=id_token&scope=email&grant_type=authorization_code&code=<code>&redirect_uri=<my redirect uri>

Is this what you are suggesting to do? What am I doing wrong?

What flow are you trying to use? You shouldn’t be hitting the token endpoint when completing implicit flow, which is the flow being used when the response_type=id_token.

If you are trying to use implicit flow (which we don’t typically recommend people use at this point, as it is less secure than authorization code flow), you’ll want to follow the steps in this guide about how to make the authorize call, in the browser, to get a token back: Implement authorization by grant type | Okta Developer. Make sure the scopes for your request include both openid (required for OIDC flows returning an ID token) and email.
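The following script is an added example, not code from this thread or from Okta. It puts the two replies above into working form: it builds the browser-side /authorize request with both the openid and email scopes, builds the token request that completes the exchange (grant_type only, no response_type, since the scopes were fixed at /authorize), and then reads the email claim out of the returned id_token after checking iss, aud, exp and nonce. It uses the authorization code flow with PKCE that the reply recommends over implicit. The issuer URL, client_id, redirect URI and the sample id_token are constructed placeholders; signature verification against the issuer's JWKS is omitted so the example runs offline, and is marked where it belongs.

```python
# Added example (not from the thread or Okta): OIDC authorization code + PKCE
# request asking for "openid email", the matching token request, and a check
# that the "email" claim actually came back in the id_token.
import base64
import hashlib
import json
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

ISSUER = "https://example.okta.com/oauth2/default"   # constructed placeholder
CLIENT_ID = "0oaexampleclientid"                      # constructed placeholder
REDIRECT_URI = "https://app.example/callback"         # constructed placeholder


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256: challenge = BASE64URL(SHA256(verifier))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> Tuple[str, str]:
    verifier = _b64url(secrets.token_bytes(32))   # 43 url-safe chars
    return verifier, pkce_challenge(verifier)


def build_authorize_url(state: str, nonce: str, code_challenge: str) -> str:
    """Browser-side request. response_type=code (not id_token) because the
    exchange finishes at /token; scope must contain openid plus email."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid email",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"


def build_token_request(code: str, code_verifier: str) -> Dict[str, str]:
    """Form body for POST {ISSUER}/v1/token. No response_type or scope here;
    the server returns an id_token because openid was requested at /authorize."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


def id_token_claims(id_token: str, expected_nonce: str, now: Optional[int] = None) -> dict:
    """Decode the JWT payload and enforce iss/aud/exp/nonce before trusting any
    claim. In production, verify the signature against the issuer's JWKS
    BEFORE calling this; that step is omitted so the example runs offline."""
    _header, payload, _signature = id_token.split(".")
    pad = "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload + pad))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def email_from_id_token(id_token: str, expected_nonce: str, now: Optional[int] = None) -> Optional[str]:
    """Return the email claim, or None when the email scope was not granted."""
    return id_token_claims(id_token, expected_nonce, now).get("email")


def _constructed_id_token(claims: dict) -> str:
    """Unsigned sample token for offline demonstration only (alg none)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


# Constructed sample data (no network). The first token is what a request with
# scope "openid email" yields; the second is what "openid" alone yields, which
# is the symptom from the thread: no "email" claim at all.
SAMPLE_NONCE = "n-0S6_WzA2Mj"
SAMPLE_NOW = 1_700_000_000
_BASE = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "00uexample",
         "iat": SAMPLE_NOW - 60, "exp": SAMPLE_NOW + 3600, "nonce": SAMPLE_NONCE}
SAMPLE_ID_TOKEN = _constructed_id_token({**_BASE, "email": "jane@example.com"})
SAMPLE_ID_TOKEN_NO_EMAIL = _constructed_id_token(_BASE)

if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    print(build_authorize_url("st-123", SAMPLE_NONCE, challenge))
    print(build_token_request("<code from redirect>", verifier))
    print(email_from_id_token(SAMPLE_ID_TOKEN, SAMPLE_NONCE, SAMPLE_NOW))
    print(email_from_id_token(SAMPLE_ID_TOKEN_NO_EMAIL, SAMPLE_NONCE, SAMPLE_NOW))
```

The point of the nonce and state parameters is that the id_token you read back must be the one issued for the request you made; binding them, together with PKCE, is what makes the code flow safer than the implicit flow's token-in-fragment delivery. If email_from_id_token returns None, the fix is in the scope at /authorize, not at /token.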
