Manage OpenID Connect attribute mappings
You can map OpenID Connect attributes to default attributes in the organization. This allows applications that implement OpenID Connect login to receive user information in the ID token.
View OpenID Connect attributes
To view the OpenID Connect attributes available for your organization:
- On the WSO2 Identity Server Console, go to User Attributes & Stores > Attributes > Manage Attribute Mappings.
- Click OpenID Connect.
You can find the mapped OpenID Connect attributes.
Add an OpenID Connect attribute
WSO2 Identity Server supports some OpenID Connect attributes by default. You can add new OpenID Connect attributes as follows:
- On the WSO2 Identity Server Console, go to User Attributes & Stores > Attributes > Manage Attribute Mappings.
- Click OpenID Connect > New Attribute.
- Enter values for the following properties:
  - OpenID Connect Attribute: The OpenID Connect attribute name that will be shared with applications in the ID token and userinfo responses.
  - User attribute to map to: Select the default attribute that should be mapped to the new OIDC attribute.
- Click Save.
For example, shown below is an OpenID Connect attribute mapped to a user attribute in WSO2 Identity Server:
OpenID Connect Attribute | User attribute to map to |
---|---|
email_home | http://wso2.org/claims/emails.home |
You need to enable email_home as a requested attribute for your application and also add it to an OIDC scope. You can then configure your application to receive this user information when a user signs in.
After user authentication, you can find the email_home claim in the ID token, as shown below.
{
"isk": "69b37037a2349763dc48e2a30a62c3feebf0b5823cf869e149352737ddc0ca63",
"at_hash": "7qgloEmkz3kGBTtH7RI4qw",
"sub": "[email protected]",
"amr": [
"BasicAuthenticator"
],
"iss": "https://localhost:9443/oauth2/token",
"given_name": "alice",
"sid": "5580be2b-a12d-43a4-823a-9d1352b88269",
"aud": "UEP40cZTZfxJfGdDWFmTrwqluxoa",
"c_hash": "VlKxb3UhuYtFEG_VftAa0g",
"nbf": 1625557031,
"azp": "UEP40cZTZfxJfGdDWFmTrwqluxoa",
"nickname": "nick",
"exp": 1625560631,
"iat": 1625557031,
"family_name": "john",
"email_home": "[email protected]"
}
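An application can confirm that the mapping, requested-attribute and scope settings release exactly the intended user attributes by auditing the claims in the ID token it receives. The following Python code is an added example, not part of the WSO2 documentation; the function names, the expected-claim sets and the sample token are constructed for illustration, and treating the non-profile claims of the sample token as protocol claims is an assumption. It decodes the payload without verifying the signature, which the application's OIDC library must do before any claim is trusted.

```python
import base64
import json

# Assumption: these claims from the sample ID token are protocol-level, not mapped user attributes.
PROTOCOL_CLAIMS = {"iss", "sub", "aud", "azp", "exp", "iat", "nbf",
                   "amr", "sid", "at_hash", "c_hash", "isk"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_payload(id_token: str) -> dict:
    """Return the claims of a compact JWT. Inspection only: no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def audit_released_claims(id_token: str, expected: set) -> dict:
    """Compare user-attribute claims in the token with what the app should receive."""
    released = set(decode_payload(id_token)) - PROTOCOL_CLAIMS
    return {
        "missing": sorted(expected - released),     # mapping, requested attribute or scope not set up
        "unexpected": sorted(released - expected),  # more user data released than intended
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a placeholder signature so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.placeholder"


# Constructed sample modelled on the token above; the e-mail values are placeholders.
SAMPLE_CLAIMS = {
    "iss": "https://localhost:9443/oauth2/token", "sub": "alice@example.com",
    "aud": "UEP40cZTZfxJfGdDWFmTrwqluxoa", "exp": 1625560631, "iat": 1625557031,
    "given_name": "alice", "family_name": "john", "nickname": "nick",
    "email_home": "alice.home@example.com",
}

if __name__ == "__main__":
    print(audit_released_claims(make_sample_token(SAMPLE_CLAIMS), {"given_name", "email_home"}))
```

A non-empty "unexpected" list means the application's requested attributes or scopes release more user data than it needs; a non-empty "missing" list points at the mapping, requested-attribute or scope configuration.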
Delete an OpenID Connect attribute
To delete the OpenID Connect attributes available in your organization:
- On the WSO2 Identity Server Console, go to User Attributes & Stores > Attributes.
- Under Manage Attribute Mappings, click OpenID Connect.
- Select the attribute you wish to delete.
- Click Delete and select the checkbox to confirm your action.
- Click Confirm.
Note
Only custom attributes can be deleted.