Why I do not see all attributes in userinfo-endpoint?

The attributes shown in the userinfo-endpoint depend on the issued access token, scopes and profile visibility. Therefore, the app which issues the access token needs to be configured appropriately. Which means the app has to include certain scopes (in general App Settings), response types in OAuth2/OIDC Settings and if needed additional access token fields in token settings (both in Advanced App Settings).

What is a scope?

Scopes are a concept used in the OAuth 2.0 specification to specify the access privileges when issuing an Access Token. Using scope parameter to access claims all the information defined inside the scope are returned. E.g., if we use profile scope, it will get: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale and updated_at

What is a claim?

A claim is a piece of personal information that might be needed for the sign in and to better personalize the user experience including the locales. The OpenID Connect has standard claims and custom claims. You can request claims in scope parameter and claim parameter and get it back in userInfo endpoint. The claim parameter is used to ask specific mandatory or optional fields.

OIDC standard specifies a standard set of claims which can be requested to be returned UserInfo Response (or in the id token): sub, name given_name, family_name, middle_name, nickname, preferred_username, profile, picture, website, email, email_verified, gender, birthdate, zoneinfo, locale, phone_number, phone_number_verified, address and updated_at.

An alternative to the userinfo-endpoint might be the "find-users-by-filter"-endpoint where you can get user information using different filters, please take a look here

Need Support?

Please contact us directly on our support page