I have created a custom OIDC identity provider for my Power Pages site, which uses Auth0. Logging into the site via Auth0 is working successfully.
However, my issue is that I cannot get Claims Mapping (for Registration and Login) working - I have tried multiple different mappings of Contact table column to claim, and multiple different formats and have not managed to get a single claim to be captured in the Contact table.
Here are the relevant parts of the configuration of the identity provider & Contact table and some sample claims data:
IDP config:
- Provider name = Auth0
- Authority, Client ID, Client secret are all set (without these login would not work at all)
- Metadata address = the Authority URL + /.well-known/openid-configuration (have checked that browsing this returns the usual JSON with endpoints etc)
- Scope = openid profile email
- Response type = code id_token
- Response mode = form_post
- Issuer filter = not set
- Validate audience = off
- Validate issuer = off
- Use token lifetime = off
- Contact mapping with email = on
Contact table:
Here are some of the columns I have tried mapping to, and their logical names (the logical name is what I understand has to be used in the claim mapping). Each column's type is Single Line Of Text.
- Full Name = fullName
- First Name = firstName
- Last Name = lastname
- Test = crc8d_test
Site setting to enable UserInfo endpoint
As per docs, I have created a record in the Site Setting table as follows to enable retrieval of claims from the UserInfo endpoint. This was done weeks ago and the site has been manually restarted also, so should have "taken".
(also tried using ../Auth0/... within the setting name, but as all the other settings that belong to my config above have .../OpenId_1/..., I guess that is the right name)
Sample claims JSON
In order to be sure about the claims keys for the mapping, I wrote a .NET OWIN app to perform a login against Auth0 using the same settings as above, and captured the following claims data from the authentication ticket the app got back.
You can see there are claims called "name" & "nickname". There is also a lot of other data in a JSON string in a claim called "userdetails" ... not sure if this is accessible however.
Mappings I have tried
None of the following resulted in data being captured in the First Name, Full Name & Test columns in the Contact table:
- firstName=userinfo.nickname,fullName=userinfo.name,crc8d_test=userinfo.userID
- firstName=nickname,fullName=name,crc8d_test=userID
A record does get created in the table with the expected Email the first time a user logs in.
Can anyone point out what I am doing wrong?
Also, if I can get the mapping working, could the serialised data inside my userdetails claim be mapped in a deserialised form, e.g. firstName=userinfo.userdetails.firstName ?
Many thanks
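Added example (not code from the post, from Power Pages or from Auth0): a small Python script that shows what a `column=claim,column2=claim2` mapping string like the ones above actually resolves to when run against the claims a login produced, and, since the post has "Validate audience" and "Validate issuer" switched off, what those two checks do before any mapping happens. The ID token, the userinfo document, the issuer, the audience and the HMAC key are all constructed for the demo (a real relying party verifies the provider's RS256 signature via its JWKS). Treating a dotted path such as `userdetails.firstName` as "deserialise the JSON-string claim and descend" is an assumption of this script only; nothing in the post establishes that Power Pages does this.

```python
"""Inspect the claims an OIDC login yields and apply a claim-to-column mapping string.

Illustration code for this page, not Power Pages/Auth0 code. All sample data
(issuer, audience, key, token, userinfo) is constructed. Dotted-path
resolution into a JSON-string claim is an ASSUMPTION, not documented behaviour.
"""
import base64
import hashlib
import hmac
import json

EXPECTED_ISSUER = "https://example-tenant.auth0.com/"   # constructed
EXPECTED_AUDIENCE = "example-client-id"                 # constructed
DEMO_SIGNING_KEY = b"demo-only-not-a-real-key"          # constructed, HS256 for the demo only


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_demo_id_token(payload: dict) -> str:
    """Build an HS256 JWT over `payload` with the demo key (constructed input)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(DEMO_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def id_token_claims(token: str, issuer: str, audience: str) -> dict:
    """Verify the signature plus the iss/aud claims, then return the payload.

    These are the checks the 'Validate issuer' / 'Validate audience' switches
    control: with them off, a token minted by another tenant, or for another
    client, would still be accepted and its claims mapped into the Contact table.
    """
    head, body, sig = token.split(".")
    expected = hmac.new(DEMO_SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError(f"token not issued for {audience!r}")
    return claims


def parse_mapping(mapping: str) -> dict:
    """'col=claim,col2=claim2' -> {'col': 'claim', 'col2': 'claim2'} (the format shown in the post)."""
    pairs = (item.split("=", 1) for item in mapping.split(",") if item.strip())
    return {col.strip(): claim.strip() for col, claim in pairs}


def resolve_claim(claims: dict, path: str):
    """Look up 'a.b.c'; if a segment holds a JSON string, deserialise it first (assumption)."""
    node = claims
    for seg in path.split("."):
        if isinstance(node, str):
            try:
                node = json.loads(node)
            except json.JSONDecodeError:
                return None
        if not isinstance(node, dict) or seg not in node:
            return None   # claim absent: nothing would be written to that column
        node = node[seg]
    return node


def apply_mapping(claims: dict, mapping: str) -> dict:
    """Return {column: value}; a column whose claim is missing maps to None."""
    return {col: resolve_claim(claims, claim) for col, claim in parse_mapping(mapping).items()}


# Constructed sample of what the two sources might carry. 'userdetails' is a
# JSON *string*, the shape the post describes for that claim.
ID_TOKEN = make_demo_id_token({
    "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "auth0|abc123",
    "email": "jane@example.com", "name": "Jane Doe", "nickname": "jane",
})
USERINFO = {
    "sub": "auth0|abc123", "email": "jane@example.com", "name": "Jane Doe",
    "nickname": "jane",
    "userdetails": json.dumps({"firstName": "Jane", "lastName": "Doe"}),
}


def merged_claims() -> dict:
    """Verified ID-token claims overlaid with the userinfo claims."""
    claims = dict(id_token_claims(ID_TOKEN, EXPECTED_ISSUER, EXPECTED_AUDIENCE))
    claims.update(USERINFO)
    return claims


if __name__ == "__main__":
    claims = merged_claims()
    print(sorted(claims))  # list the claim names that really exist before writing a mapping
    print(apply_mapping(claims, "firstName=nickname,fullName=name,crc8d_test=userID"))
    print(apply_mapping(claims, "firstName=userdetails.firstName,lastname=userdetails.lastName"))
```

The first thing worth doing with real tokens is the `sorted(claims)` step: print the claim names the provider actually returns (from the decoded ID token and from the userinfo response) and write the mapping against those exact names, since a mapping entry whose claim name does not exist (here `userID`) quietly resolves to nothing rather than failing.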