Hi,
I need to send a scoped user attribute that doesn’t exist 1:1 in my user-directory to a specific OIDC client, preferably as “email” claim but a custom claim may also work.
In the specific use-case the value must be “username@domain.tld” with the username being the actual username of the user and “domain.tld” being a fixed hardcoded value.
I see two ways to construct this claim.
- just append “@domain.tld” to the username
- filter a given multi-value attribute of my users to match “*@domain.tld”, as it is available as one of the user’s email aliases
Is this somehow possible just via configuration? I know I can add mappers on the client specific scope to add hardcoded claims - but I haven’t found any information about using placeholders there to e.g. create “{username}@domain.tld”. It just allows for values that are hardcoded and identical for all users, right?
Example:
user: {
  username: "max",
  email: "max.m@different-domain.tld",
  alias: ["max.m@different-domain.tld","max@domain.tld","mm@3rd-domain.tld"]
}
-> id_token: { ... email: "max@domain.tld" ... }
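
The two constructions described in the post, as an added example that is not part of the original post and not any identity provider's own mapper API: the alias filter compares the domain part exactly instead of using a `*@domain.tld` suffix match, and emits nothing when the result would be ambiguous. The function names and `FIXED_DOMAIN` are hypothetical; the sample user is the one from the post.

```javascript
// Added example: all names here (deriveScopedEmail, FIXED_DOMAIN, ...) are hypothetical.
const FIXED_DOMAIN = "domain.tld"; // the fixed, hardcoded domain from the post

// Split an address into [local, domain]; reject anything without exactly one "@".
function splitAddress(addr) {
  if (typeof addr !== "string") return null;
  const parts = addr.trim().split("@");
  if (parts.length !== 2 || parts[0] === "" || parts[1] === "") return null;
  return [parts[0], parts[1].toLowerCase()];
}

// Option 1 from the post: append the fixed domain to the username.
function fromUsername(user, domain) {
  const name = user.username;
  // A username containing "@" or whitespace would yield an ambiguous address.
  if (typeof name !== "string" || !/^[^\s@]+$/.test(name)) return null;
  return name + "@" + domain;
}

// Option 2 from the post: pick the alias whose domain is exactly the fixed one.
// Exact comparison keeps lookalikes such as "x@notdomain.tld" or
// "x@domain.tld.example" out of the claim.
function fromAlias(user, domain) {
  const matches = (user.alias || [])
    .map(splitAddress)
    .filter((p) => p !== null && p[1] === domain.toLowerCase());
  // Zero or several matches: there is no unambiguous value to emit.
  if (matches.length !== 1) return null;
  return matches[0][0] + "@" + domain;
}

// Prefer the alias, fall back to username@domain; null means "omit the claim".
function deriveScopedEmail(user, domain = FIXED_DOMAIN) {
  return fromAlias(user, domain) || fromUsername(user, domain);
}

// Sample user taken from the post's example.
const max = {
  username: "max",
  email: "max.m@different-domain.tld",
  alias: ["max.m@different-domain.tld", "max@domain.tld", "mm@3rd-domain.tld"],
};
console.log({ email: deriveScopedEmail(max) });
```

If the alias attribute is editable by users themselves, the username-based construction is the one whose value they cannot influence.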