Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
token-exchange
Describe the bug
When I set up external-to-internal token exchange for an access token that is a JWT, or an ID token, and use the userinfo endpoint to validate the token, the claims from the token are not available for mappers as they are not put into the context.
Version
main
Regression
- The issue is a regression
Expected behavior
The access token (if it is a JWT and an access token is exchanged) or the ID token (if an ID token is exchanged) should be available for mappers.
This is essential, for example, for EntraID, where an access token contains all the information for `oid` and `tid`, while the information returned from the user info endpoint does not.
Actual behavior
They are not available for mappers. Only attributes from the user info endpoint are available.
How to Reproduce?
Set it up as above. Test it with a claim that is present in the ID or access token, but is not shown in the user info endpoint.
Anything else?
I'll create a PR.
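An added illustration of the gap described above (it is not the issue author's code and not Keycloak's token-exchange implementation): the token claims and the userinfo claims are constructed samples modelled on the EntraID case, the token is a JWT-shaped string with a placeholder signature, and the two-source mapper context with userinfo-first precedence is an assumed layout chosen for this example, not Keycloak's actual context structure.

```python
import base64
import json

# Constructed sample claims for this illustration (not real EntraID values).
# oid and tid are present in the access token ...
SAMPLE_ACCESS_TOKEN_CLAIMS = {
    "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000001/v2.0",
    "sub": "AAAAAAAAAAAAAAAAAAAAAA",
    "aud": "api://example-app",
    "oid": "11111111-1111-1111-1111-111111111111",
    "tid": "00000000-0000-0000-0000-000000000001",
    "preferred_username": "alice@example.com",
}

# ... but a userinfo response carries profile claims only; no oid/tid here.
SAMPLE_USERINFO = {
    "sub": "AAAAAAAAAAAAAAAAAAAAAA",
    "name": "Alice Example",
    "email": "alice@example.com",
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_sample_jwt(claims: dict) -> str:
    """Build a compact-JWS-shaped token with a placeholder signature (demo only)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it.

    This is only appropriate for the exact token string that the identity
    provider's userinfo endpoint already accepted: the provider checked the
    signature over that same string, so a tampered payload would have been
    rejected there. Never call this on a token validated no other way.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def build_mapper_context(token: str, userinfo: dict) -> dict:
    """Assemble both claim sources a mapper should be able to read.

    Assumed layout for this example: each source under its own key, so a
    mapper can pick oid/tid from the token and profile data from userinfo.
    """
    return {"token": decode_jwt_claims(token), "userinfo": dict(userinfo)}


def resolve_claim(context: dict, name: str):
    """Look a claim up in userinfo first, then fall back to the token.

    The precedence order is an assumption made for this example.
    """
    for source in ("userinfo", "token"):
        if name in context[source]:
            return context[source][name]
    return None


if __name__ == "__main__":
    sample_token = make_sample_jwt(SAMPLE_ACCESS_TOKEN_CLAIMS)
    ctx = build_mapper_context(sample_token, SAMPLE_USERINFO)
    print("oid from userinfo only:", SAMPLE_USERINFO.get("oid"))
    print("oid with token claims in context:", resolve_claim(ctx, "oid"))
    print("tid with token claims in context:", resolve_claim(ctx, "tid"))
```

With only the userinfo source in the context, `oid` and `tid` resolve to nothing; once the validated token's own claims are added alongside, a mapper can read them while still taking `name` and `email` from userinfo.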