Retrieving Custom Attributes from Primary Authentication Response

I’m currently adding Custom Attributes to my User Schema using the provided Postman Schema API. However I want these custom attributes to appear in the profile data set returned from POST Primary Authentication, where login, firstName, lastName, etc are shown:

    {
"expiresAt": "2019-07-08T22:10:30.000Z",
"status": "SUCCESS",
"sessionToken": "20111DhPBdhb7dqy1ZKNGzMRH2",
"_embedded": {
    "user": {
        "id": "00utvatjq356",
        "passwordChanged": "2019-07-08T18:03:17.000Z",
        "profile": {
            "login": "isaac@testemail.com",
            "firstName": "Test",
            "lastName": "User",
            "locale": "en",
            "timeZone": "America/Los_Angeles",
            "myCustomAttribute": "customAttribute"
        }
    }
},
"_links": {
    "cancel": {
        "href": "",
        "hints": {
            "allow": [
                "POST"
            ]
        }
    }
}

}

This issue I’m having is nearly identical to the unanswered question here. I was able to successfully create custom attributes but I am unable to find a way to retrieve them from the Primary Authentication response body. Is there a configuration which needs to change for these custom attributes to appear in the response body or is this even possible at all?

Hello @KareemDev

The /authn endpoint will always return upon successful responses a limited set of the user’s profile as enumerated here - https://developer.okta.com/docs/reference/api/authn/#user-profile-object

This endpoint is not intended to provide user profile-related details.

If your intention is to retrieve user profile attributes upon successful authentication, you could add to your current flow a XHR request to /api/v1/users/{{userid/login}} which should also return the custom attribute values, if they exist. Any authenticated browser request to the above mentioned endpoint will be allowed only for the authenticated user.

For example, the user login is isaac@testemail.com, if a XHR request is made on the browser authenticated with this user login on /api/v1/users/isaac@testemail.com Okta will return a successful response.

Hey @adrian.lazar,

Thanks for the response! I just wanted to confirm, do you know if there are any authentication endpoints besides this one that could have their response structures customized in the way I was suggesting? I agree that an additional XHR request would work, but want to be sure before I go down that route.

@KareemDev There are no other authentication endpoints, nor the current ones can be customized.