How to get more claims in /userinfo endpoint

Hi, I am trying to get userinfo using the call “https://dev-{oktaID}.oktapreview.com/oauth2/default/v1/userinfo” and I am sending the access_token in this call.

But I am getting only “sub” property in this as:
{
  "sub": "00uhzsq8pw5e6bWGe0h7"
}

But I want more claims like name, email. Please suggest how I can get more claims for the /userinfo endpoint.

3 Likes

Any reply on this please?

1 Like

Do you have to map the attributes to these variables via profile editor?

1 Like

Have you tried hitting the same endpoint with an id_token token instead?
Have you tried going directly to the users api and retrieving it using an apiToken token?

Also, does it work OK if you remove the default and use an id_token?

Here is the answer that worked for me:
In order for new claims to appear on your Okta org’s /userinfo endpoint, please go in your Admin dashboard to API >> Authorization Servers >> default >> Claims tab. From here, please select “Add Claim” and, in the section “Include in token type”, select “ID Token” and “Userinfo / id_token request” instead of “Always”.

1 Like

What response type are you using that is returning claims in userinfo?

Userinfo is a separate REST endpoint specified in your openid metadata via: https://[tenant].oktapreview.com/oauth2/default/.well-known/openid-configuration

i.e. https://[tenant].oktapreview.com/oauth2/default/v1/userinfo

https://developer.okta.com/docs/api/resources/oidc/#userinfo

THIS IS IT!

I have been searching for days for this solution. THANK YOU!

You will need to pass scope as scope=openid+email+profile in the url. Yes, with the plus signs in the URL. I am posting it here as this information was not easy to find.

2 Likes

Who can explain to me in a clearer way what he wants to say?

You might want to check out the guide we have about creating custom claims for the complete steps: Create Claims | Okta Developer

The key point in @prashant162’s post is that you will want to choose “Userinfo/ id_token request” when you create this ID Token claim so that it is returned when you make a call to the /userinfo endpoint.

1 Like
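The scope advice in the thread, as an added example that is not from any poster or from Okta: it builds the authorization request with scope=openid+email+profile and reads the scopes actually granted in an access token to list the standard claims /userinfo can return. The tenant, client ID, redirect URI and sample token are constructed placeholders, and the "scp"/"scope" claim names are an assumption about the token layout; claims still have to be enabled on the authorization server as described above.

```python
import base64
import json
from urllib.parse import urlencode

# Standard claims each scope requests (OpenID Connect Core, section 5.4).
SCOPE_CLAIMS = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}

def authorize_url(issuer, client_id, redirect_uri, scopes, state):
    """Build the authorization request; urlencode() turns the spaces in scope into '+'."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "scope": " ".join(scopes), "redirect_uri": redirect_uri,
                       "state": state})
    return f"{issuer}/v1/authorize?{query}"

def token_scopes(access_token):
    """Read granted scopes from a JWT access token payload. Diagnostic only:
    the signature is NOT verified here, so never use this for authorization."""
    body = access_token.split(".")[1]
    body += "=" * (-len(body) % 4)            # restore stripped base64url padding
    payload = json.loads(base64.urlsafe_b64decode(body))
    scp = payload.get("scp", payload.get("scope", []))  # assumption: "scp" list or "scope" string
    return scp.split() if isinstance(scp, str) else list(scp)

def expected_userinfo_claims(scopes):
    """Standard claims /userinfo may return for these scopes (custom claims excluded)."""
    if "openid" not in scopes:
        return []                             # /userinfo requires the openid scope
    claims = ["sub"]
    for scope in scopes:
        claims += SCOPE_CLAIMS.get(scope, [])
    return claims

def constructed_token(scopes):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc({"sub": "user-id-placeholder", "scp": scopes})}.'

if __name__ == "__main__":
    print(authorize_url("https://TENANT.oktapreview.com/oauth2/default",
                        "CLIENT_ID", "https://app.example/callback",
                        ["openid", "email", "profile"], "random-state"))
    for granted in (["openid"], ["openid", "email", "profile"]):
        print(granted, "->", expected_userinfo_claims(token_scopes(constructed_token(granted))))
```

A token granted only openid maps to just "sub", which matches the response in the original question.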