Unable to get all user claims from getuser()

Questions
1

Hi,

I am new to okta platform.

I had successfully implemented okta login widget to my angular SPA and I’m unable to get user data.

Below is my code.

import {OktaAuthService} from ‘@okta/okta-angular’;

constructor(private oktaService: OktaAuthService) { }

this.oktaService.getUser();

getting reponse =>
{“sub”:“00u174htqa0oWTBvf357”,
“companyID”:34,
“company_id”:34,
“adminappgroups”:[“GSAdminApp-Admin”]
}

needed response =>
{“sub”:“00u174htqa0oWTBvf357”,
“name”:“Naresh P”,“locale”:“en-US”,
email":"naresh.palle@abc.com”,
preferred_username":"naresh.palle@abc.com”,
“given_name”:“Naresh”,
“family_name”:“P”,
“zoneinfo”:“America/Los_Angeles”,
“updated_at”:1566805575,
“email_verified”:true,
“companyID”:34,
“adminappgroups”:[“GSAdminApp-Admin”],
“groups”:[“GSAdminApp-Admin”]
}

My claims in okta

image
image1052×574 29 KB

My scopes

image
image1012×497 25 KB

Thanks,
Gaurav Abbhi

2

Hi @Gaurav

In Okta, please switch the claims from being present always inside the ID token to being present on /UserInfo endpoint. In this way, you should be able to retrieve them successfully through the SDK.

3

Hi, thanks for the the fast response.

I’ve changed all the claims to /userinfo endpoint.

image
image1002×604 32.9 KB

Previous one was
image

Still getting same response =>
getting reponse =>
{“sub”:“00u174htqa0oWTBvf357”,
“companyID”:34,
“company_id”:34,
“adminappgroups”:[“GSAdminApp-Admin”]
}

Thanks,

4

Are you just looking to get the basic user profile information from your /userinfo call?

If so, are you including the ‘profile’ scope in your /authorize request?

If the question is why some of those custom claims are not appearing in the response from the userinfo endpoint, does the user you are testing with have values for these profile attributes? If there is no value present for an attribute mapped to a claim, the claim will not be included in the token/userinfo output.

5

Hi @andrea , thanks for your reply.

I had checked my /authorize request it did’t include profile scope although I am passing scope like this.

widget = new OktaSignIn({
        baseUrl: environment.okta_config.url,
        redirectUri: environment.okta_config.redirectUri,
        authParams: {
            // pkce: true,
            // issuer: environment.okta_config.issuer,
            responseType: ['id_token', 'token'],

> scopes: ['openid', 'email', 'profile','groups']

}
    });

Any guess what’s the problem here do I’m missing anything.

Thanks,

6

Hi @Gaurav

Can you please add inside authParams{} an issuer with the issuer URL available in Okta under Settings tab inside the authorization server administrative window?

The final configuration should look like the following:

widget = new OktaSignIn({
    baseUrl: environment.okta_config.url,
    redirectUri: environment.okta_config.redirectUri,
    authParams: {
        // pkce: true,
        // issuer: environment.okta_config.issuer,
        responseType: ['id_token', 'token'],
        scopes: ['openid', 'email', 'profile', 'groups'],
        issuer: "https://yourOrg.okta.com/oauth2/default"

    }
});
7

Yes, I add the issuer also.
/authorize URL did’t getting parameters after openid.

8

Hi @Gaurav

Can you please open a support ticket with us through an email to developers@okta.com in order to further check the configuration?

1 Like
9

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.