[SalesForce] OpenID Connect – adding custom attributes (claims) to id token

I'm having trouble getting a custom claim attribute to come through in the id_token. I've got the scope set to openid and I've added the custom attribute to the Connected App (tenantId). I also tried implementing a connected app plugin and overriding the customAttributes method.

I checked Configure Id Token in the connected app config page and made sure custom claims was ticked (along with standard claims).

All of the above, and I keep getting back an id_token without the additional claim information. Have I missed anything? I know that I can make a call to the UserInfo endpoint, but I'm trying to avoid that.

Best Answer

I am able to get custom attributes in the id_token upon enabling Include Custom Attributes, as explained in the release notes.

Following is what I get when I try the flow using https://openidconnect.herokuapp.com/

{
 "at_hash": "qzgoS_bMJZeqMG891R61HQ",
 "aud": "3MVG9Y6d_Btp4xp6DzCgTCe.0uVYD_Gk1LZ3Dm8V3DepaqufgLARbdL0snwm8_LrT4mdbN_fBxKYoy0UGOHpj",
 **"custom_attributes": {"ProfileCreatedById": "00590000001VSXz"},**
 "exp": 1553370624,
 "iat": 1553370504,
 "iss": "https://login.salesforce.com",
 "sub": "https://login.salesforce.com/id/00D90000000iulkEAA/00590000001VSXzAAO"
}
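
To confirm on the client side whether the claim actually arrived, the id_token payload can be decoded and checked, as in this added example (not part of the original answer or Salesforce's code). The function names, the client id and the tenantId value are constructed for illustration, and the decode step does not verify the signature, so a relying party must still validate the token against the issuer's published keys before trusting custom_attributes.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(id_token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (debugging only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("an id_token must have three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def check_id_token(id_token, issuer, client_id, wanted, now=None):
    """List the problems found; an empty list means every check passed."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("unexpected iss")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain this client_id")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    custom = claims.get("custom_attributes")
    if not isinstance(custom, dict):
        problems.append("custom_attributes claim missing")
    else:
        problems += [f"custom attribute {k} missing" for k in wanted if k not in custom]
    return problems

def make_sample(payload: dict) -> str:
    # Constructed token: real header shape, placeholder signature segment.
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(payload).encode()),
                     b64url_encode(b"constructed-signature")])

# Constructed sample claims (placeholder ids, timestamps in the past).
BASE = {"iss": "https://login.salesforce.com", "aud": "CONSTRUCTED_CLIENT_ID",
        "sub": "https://login.salesforce.com/id/ORG_ID/USER_ID",
        "iat": 1553370504, "exp": 1553370624}
WITH_CLAIM = make_sample({**BASE, "custom_attributes": {"tenantId": "constructed-tenant"}})
WITHOUT_CLAIM = make_sample(BASE)
```
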