Idea ID: 2872400

Userinfo endpoint should show only selected attributes.

Status : New Idea

Hi all,


NAM 451 / OAuth:


1. The customer has created only one attribute set containing all attributes that can be used for OAuth2 applications, the same as they did for SAML2.

2. On the scope they link this, selecting the needed attributes, so only a few of them: i.e. LDAP Attribute uid, flagged "Included in Access Token" and "Included in ID token".

3. Despite their configuration, when they hit the userinfo endpoint all attributes are shown, and not only the ones from point #2.

This is working as designed as far as I understood.

To work around this “issue” they should create an attribute set for each scope with only the attributes needed, but it would be huge and tricky work.

So what the customer thinks is that NAM, when the userinfo endpoint is hit, should show only the attributes selected.

Is it possible to modify this behaviour?
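
Added example (not part of the original post and not NAM code): a small audit that compares a userinfo response with the attributes selected on the granted scopes and with the attributes present in the ID token, to measure the over-disclosure described above. The scope name, attribute values, token and `audit_userinfo` helper are constructed assumptions; the ID token is decoded without signature verification, for inspection only.

```python
import base64
import json

ALWAYS_ALLOWED = {"sub"}  # the subject identifier is always expected in userinfo
# Standard ID token bookkeeping claims, not user attributes.
PROTOCOL_CLAIMS = {"iss", "aud", "exp", "iat", "nbf", "jti", "nonce",
                   "auth_time", "azp", "acr", "amr", "at_hash", "c_hash"}

def jwt_claims(token):
    """Decode a compact JWT payload WITHOUT verifying it (audit use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_userinfo(granted_scope, scope_attrs, userinfo, id_token=None):
    """Report attributes userinfo returns beyond what the scopes selected."""
    allowed = set(ALWAYS_ALLOWED)
    for scope in granted_scope.split():
        allowed |= set(scope_attrs.get(scope, ()))
    report = {"beyond_scope": sorted(set(userinfo) - allowed)}
    if id_token is not None:
        id_attrs = set(jwt_claims(id_token)) - PROTOCOL_CLAIMS
        report["not_in_id_token"] = sorted(
            set(userinfo) - id_attrs - ALWAYS_ALLOWED)
    return report

def _b64(obj):
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample data: one scope with only "uid" selected, as in point 2.
SCOPE_ATTRS = {"profile_min": ["uid"]}
ID_TOKEN = ".".join([
    _b64({"alg": "none"}),
    _b64({"iss": "https://idp.example", "sub": "abc123", "aud": "app",
          "exp": 1, "uid": "jdoe"}),
    "sig",
])
# Constructed userinfo response showing the whole attribute set, as in point 3.
USERINFO = {"sub": "abc123", "uid": "jdoe",
            "mail": "jdoe@example.com", "employeeNumber": "1001"}

if __name__ == "__main__":
    print(audit_userinfo("profile_min", SCOPE_ATTRS, USERINFO, ID_TOKEN))
```

An empty `beyond_scope` list means userinfo matches the scope selection; any entry is an attribute a client holding that token can read without it having been selected on the scope.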