Dynamic User Attributes Configured In Resource Server Are Not Included In The OAuth Tokens

(Doc ID 2397600.1)

Last updated on MAY 25, 2018

Applies to:

Oracle Mobile and Social - Version and later
Information in this document applies to any platform.


A new OAuth Resource Server was configured, along with a set of Dynamic Attributes to be included in the Access Token (or Refresh Token).

When the client receives its tokens, there are no additional attributes in the Tokens ...


- Reproduced issue on spreda78 using hrportal application

- mail is set as a dynamic attribute in the resource server; I log in with user.0
i.e. dn: uid=user.0,ou=People,dc=oud,dc=oracle,dc=com

This is the access token:

{"expires_in":3600,"token_type":"Bearer","access_token":"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVC.....text omited ......0NgB0f7so3y3bqZR-BkWlh_SHGbfqT0a2uRQUHZocFCxAEREvpmunrICPw24f6KU75IF5YtayGHMKcS7a7ptmBvDmlrapd-byZU0qEnI"}

Decoded on https://jwt.io/, it contains:

"sub": "user.0",
"oracle.oauth.user_origin_id_type": "LDAP_UID",
"oracle.oauth.user_origin_id": "user.0",
"iss": "www.oracle.example.com",
"oracle.oauth.svc_p_n": "OAuthServiceProfile",
"iat": 1517493749,
"oracle.oauth.prn.id_type": "LDAP_UID",
"oracle.oauth.tk_context": "resource_access_tk",
"exp": 1517497349,
"prn": "user.0",
"jti": "78b301d0-a687-4904-b7ec-f6b9d5f3e337",
"oracle.oauth.client_origin_id": "2c3e743ff9884fb5a4a5d0f4d2106356",
"oracle.oauth.scope": "ACMECandidateProfileService.http://spreda78:8005/acme/rest/services/profiles/position",
"user.tenant.name": "DefaultDomain",
"oracle.oauth.id_d_id": "12345678-1234-1234-1234-123456789012"

> there is no mail attribute
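
The same check can be done locally instead of through a web decoder. The following is an added example, not part of the original document or of Oracle's code: it decodes the payload of the access_token from a token response and reports which expected dynamic attributes are absent. The sample token is constructed from a subset of the claims listed above, and it is an assumption that a dynamic attribute would appear as a claim named after the attribute (here, mail).

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token_response: str) -> dict:
    """Return the claims of the access_token in an OAuth token response.

    Inspection only: the signature is not verified here.
    """
    parts = json.loads(token_response)["access_token"].split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def missing_attributes(claims: dict, expected: list) -> list:
    """List the expected dynamic attributes that are absent from the claims."""
    return [name for name in expected if name not in claims]

def _b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a subset of the claims shown above, with a placeholder
# signature. It is not the real token from the page.
SAMPLE_CLAIMS = {
    "sub": "user.0",
    "oracle.oauth.user_origin_id_type": "LDAP_UID",
    "oracle.oauth.tk_context": "resource_access_tk",
    "user.tenant.name": "DefaultDomain",
}
SAMPLE_RESPONSE = json.dumps({
    "expires_in": 3600,
    "token_type": "Bearer",
    "access_token": ".".join([
        _b64url({"alg": "RS512", "typ": "JWT"}),
        _b64url(SAMPLE_CLAIMS),
        "constructed-signature",
    ]),
})

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_RESPONSE)
    # Assumption: a dynamic attribute appears as a claim named after it.
    print("missing dynamic attributes:", missing_attributes(claims, ["mail"]))
```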


Configure Dynamic Attributes in Resource Server

