My Oracle Support Banner

Dynamic User Attributes Configured In Resource Server Are Not Included In The OAuth Tokens (Doc ID 2397600.1)

Last updated on AUGUST 29, 2019

Applies to:

Oracle Mobile and Social - Version and later
Information in this document applies to any platform.


Configured a new OAuth Resource Server, configured a set of Dynamic Attributes, such as to be included in the Access Token (or Refresh Token).

When the client receives it's tokens, there are no additional attributes in the Tokens ...


- Reproduced issue on spreda78 using hrportal application

- mail is set like dynamic attribute in resource server, I authenticate with user.0
i.e. dn: uid=<UID>,ou=People,o=company

this is access token


decoded it on it contain

"sub": "<UID>",
"oracle.oauth.user_origin_id_type": "LDAP_UID",
"oracle.oauth.user_origin_id": "<UID>",
"oracle.oauth.svc_p_n": "OAuthServiceProfile",
"iat": 1517493749,
"oracle.oauth.prn.id_type": "LDAP_UID",
"oracle.oauth.tk_context": "resource_access_tk",
"exp": 1517497349,
"prn": "user.0",
"jti": "78b301d0-a687-4904-b7ec-f6b9d5f3e337",
"oracle.oauth.client_origin_id": "<STRING>",
"oracle.oauth.scope": "<NAME>.http://<HOST>:<PORT>/name/rest/services/profiles/position",
"": "DefaultDomain",
"oracle.oauth.id_d_id": "<ID_STRING>"

> there is no mail attribute


 Configure Dynamic Attributes in Resource Server


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.