# Manage OpenID Connect attribute mappings

You can map OpenID Connect attributes to default attributes in the organization. This allows applications that implement OpenID Connect login to receive user information in the ID token.

# View OpenID Connect attributes

To view the OpenID Connect attributes available for your organization:

  1. On the Asgardeo Console, go to User Attributes & Stores > Attributes.
  2. Under Manage Attribute Mappings, click OpenID Connect.

You can find the mapped OpenID Connect attributes.

# Add an OpenID Connect attribute

Asgardeo supports some OpenID Connect attributes by default. You can add new OpenID Connect attributes as follows:

  1. On the Asgardeo Console, go to User Attributes & Stores > Attributes.
  2. Under Manage Attribute Mappings, click OpenID Connect.
  3. Click New Attribute.
  4. Enter values for the following properties:
     - OpenID Connect Attribute: The OpenID Connect attribute name that will be shared with applications in the ID token and userinfo responses.
     - User attribute to map to: Select the default attribute that should be mapped to the new OIDC attribute.
  5. Click Save.

For example, shown below is an OpenID Connect attribute mapped to a user attribute in Asgardeo:

| OpenID Connect Attribute | User attribute to map to |
|---|---|
| email_home | http://wso2.org/claims/emails.home |

You need to enable email_home as a requested attribute for your application and also add it to an OIDC scope. You can then configure your application to receive this user information when a user signs in.

After user authentication, you can find the email_home claim in the ID token, as shown below.

    {
      "isk": "69b37037a2349763dc48e2a30a62c3feebf0b5823cf869e149352737ddc0ca63",
      "at_hash": "7qgloEmkz3kGBTtH7RI4qw",
      "sub": "[email protected]",
      "amr": [
        "BasicAuthenticator"
      ],
      "iss": "https://accounts.asgardeo.io/t/bitfrost/oauth2/token",
      "given_name": "alice",
      "sid": "5580be2b-a12d-43a4-823a-9d1352b88269",
      "aud": "UEP40cZTZfxJfGdDWFmTrwqluxoa",
      "c_hash": "VlKxb3UhuYtFEG_VftAa0g",
      "nbf": 1625557031,
      "azp": "UEP40cZTZfxJfGdDWFmTrwqluxoa",
      "nickname": "nick",
      "exp": 1625560631,
      "iat": 1625557031,
      "family_name": "john",
      "email_home": "[email protected]"
    }

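An application-side check to go with the token above, as an added example that is not part of the Asgardeo documentation: it validates the claim set of an ID token whose signature a JOSE library has already verified, then reads a mapped attribute such as email_home, falling back to the userinfo response only when its sub matches the ID token. The function names, the 60-second leeway and the example.com addresses are assumptions; the issuer and client ID are those of the sample token.

```python
import time

# Issuer and client ID copied from the sample ID token on this page.
ISSUER = "https://accounts.asgardeo.io/t/bitfrost/oauth2/token"
CLIENT_ID = "UEP40cZTZfxJfGdDWFmTrwqluxoa"

class ClaimError(Exception):
    """Raised when the claim set must not be trusted by the application."""

def check_id_token_claims(claims, now=None, leeway=60):
    """Validate the claims of an ID token whose signature is already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ClaimError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise ClaimError("token was not issued for this client")
    # azp, when present, must name this client as the authorized party.
    if "azp" in claims and claims["azp"] != CLIENT_ID:
        raise ClaimError("unexpected authorized party")
    if "exp" not in claims or now >= claims["exp"] + leeway:
        raise ClaimError("token expired")
    if now < claims.get("nbf", 0) - leeway:
        raise ClaimError("token not yet valid")
    return claims

def mapped_claim(name, id_claims, userinfo=None, now=None):
    """Return a mapped attribute (e.g. email_home), or None if it was not released."""
    check_id_token_claims(id_claims, now)
    if name in id_claims:
        return id_claims[name]
    # Use the userinfo response only if it describes the same subject.
    if userinfo is not None:
        if userinfo.get("sub") != id_claims.get("sub"):
            raise ClaimError("userinfo sub does not match ID token sub")
        return userinfo.get(name)
    return None

# Constructed sample: a subset of the token above, with placeholder addresses.
SAMPLE = {"iss": ISSUER, "aud": CLIENT_ID, "azp": CLIENT_ID,
          "sub": "alice@example.com", "nbf": 1625557031, "iat": 1625557031,
          "exp": 1625560631, "email_home": "alice.home@example.com"}

if __name__ == "__main__":
    print(mapped_claim("email_home", SAMPLE, now=1625557100))
```
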
# Delete an OpenID Connect attribute

To delete the OpenID Connect attributes available in your organization:

  1. On the Asgardeo Console, go to Attribute Management > Attributes > Manage Attribute Mappings.
  2. Click OpenID Connect and select the attribute to delete.
  3. Click Delete and select the checkbox to confirm your action.
  4. Click Confirm.