I am using OIDC with the PKCE flow to fetch the access token of a user. I am able to successfully get the access_token and id_token. I have requested the “openid profile email” scope. Also, I have granted the below API scopes to the application.
okta.clients.read
okta.sessions.read
okta.users.read
okta.users.read.self
We have custom saleforceId data in the user's Personal Information. I am not able to fetch this value using the oauth2/default/v1/userinfo API.
The /userinfo endpoint will return the user's information from their application user profile associated with the OAuth application that was used to retrieve the access_token.
If you want to be able to get an attribute (saleforceId) from the /userinfo endpoint you would create a mapping. See here for attribute mapping documentation.
Another option, if you are using a custom authorization server, is to create a claim in either the ID or access token that returns the value directly in the token. See here for creating custom claims.
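As an added example (not code from the thread or from Okta), the PKCE pieces of the flow described above plus a small check that shows where the custom attribute surfaces after the two fixes the answer names: as a custom claim in the ID token, or via /userinfo once the attribute is mapped into the app user profile. The issuer URL, client id and attribute name saleforceId are assumptions taken from the question; the sample token payload is constructed inline.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, as both RFC 7636 (PKCE) and JWT require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43 unreserved chars, inside the 43..128 range RFC 7636 allows."""
    return b64url(secrets.token_bytes(32))


def pkce_challenge(verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_url(issuer: str, client_id: str, redirect_uri: str,
                  challenge: str, state: str, nonce: str) -> str:
    """Authorization request against an issuer such as https://<org>.okta.com/oauth2/default
    (assumed layout); state and nonce bind the response to this browser session."""
    params = {
        "client_id": client_id, "response_type": "code",
        "scope": "openid profile email", "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def id_token_payload(token: str) -> dict:
    """Decode the payload to see which claims came back. This is inspection only, not
    validation: check signature, iss, aud, exp and nonce with a JWT library before trusting it."""
    import json
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def find_attribute(name: str, id_claims: dict, userinfo: dict):
    """Return (source, value). A custom claim on the ID token needs no extra call;
    otherwise the attribute must be mapped into the app user profile so /userinfo returns it."""
    if name in id_claims:
        return "id_token", id_claims[name]
    if name in userinfo:
        return "userinfo", userinfo[name]
    return None, None
```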