How to access custom attributes within federated attributes / mapping attributes
According to the documentation (https://zitadel.com/docs/guides/manage/customize/user-metadata), custom attributes are embedded within .
If we opt to include the custom attribute / metadata within the ID token by checking "User Info inside ID Token" in our application's settings, how exactly do we access it within an attribute mapping context?
4 Replies
Hi @Moisty Charlie VI, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
When you enable "User Info inside ID Token" in your application's settings, ZITADEL includes the custom attributes as a base64-encoded object in the claim `urn:zitadel:iam:user:metadata` inside the ID token (1). According to the documentation, when you decode the ID token, you will see:
The value (e.g., MTIzNA) is base64-encoded and must be decoded to get the original value (e.g., 1234). This claim is available directly in the token payload.
However, the sources do not provide specific instructions or code examples for referencing or mapping this metadata field within an attribute mapping context (such as for SAML attribute mapping or custom claims transformation) (1) (2) (3). The documentation only describes how to retrieve and decode the value from the token.
If you need to use this metadata in a mapping or transformation context (such as in a ZITADEL Action or a SAML attribute mapping), you would need to access the claim `urn:zitadel:iam:user:metadata` from the token payload and decode the base64 values. There are no documented mappings or built-in ZITADEL mechanisms in the sources for directly referencing these metadata keys in attribute mapping rules.
To learn more, see the sources I considered:
[1] User Metadata
[2] Code examples
[3] Filter which fields are included in "User Info inside ID Token"
Feel free to tag @Ask Inkeep with additional questions.
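The decoding step described in the answer above, as an added example that is not part of the original thread and not ZITADEL's own code: it reads the `urn:zitadel:iam:user:metadata` claim from an ID token payload and base64-decodes each value, rejecting malformed input instead of passing it on. The function names, the `contract_number` key and the sample token are constructed for illustration, and the code assumes the token's signature, issuer, audience and expiry were already verified by an OIDC library.

```javascript
// Added example (Node.js). Assumption: the ID token was already verified by
// an OIDC library; this code only reads claims from the payload.
const METADATA_CLAIM = 'urn:zitadel:iam:user:metadata';

// Decode one base64 value, accepting the standard or URL-safe alphabet,
// padded or unpadded. Throws instead of silently dropping invalid characters.
function decodeMetadataValue(b64) {
  if (typeof b64 !== 'string' || !/^[A-Za-z0-9+/_-]*={0,2}$/.test(b64)) {
    throw new Error('metadata value is not base64');
  }
  const normalized = b64.replace(/-/g, '+').replace(/_/g, '/');
  const bytes = Buffer.from(normalized, 'base64');
  // fatal: true rejects byte sequences that are not valid UTF-8.
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Return the payload (middle) segment of a compact JWT as an object.
function readPayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Map every metadata key to its decoded string; {} when the claim is absent.
function extractUserMetadata(payload) {
  const raw = payload[METADATA_CLAIM];
  if (raw === undefined) return {};
  if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) {
    throw new Error(`${METADATA_CLAIM} is not an object`);
  }
  return Object.fromEntries(
    Object.entries(raw).map(([key, value]) => [key, decodeMetadataValue(value)])
  );
}

// Constructed sample token: hypothetical claims, placeholder signature.
const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const SAMPLE_ID_TOKEN = [
  seg({ alg: 'RS256', typ: 'JWT' }),
  seg({ sub: 'constructed-user-id', [METADATA_CLAIM]: { contract_number: 'MTIzNA' } }),
  'constructed-signature-placeholder',
].join('.');

console.log(extractUserMetadata(readPayload(SAMPLE_ID_TOKEN)));
```

A receiving application that cannot run this kind of decoding step will see the raw base64 string as the attribute value.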
Here's an example:

Do we use JSON path or some other notation?
Also, is there a way to opt out of the base64 encoding for custom attributes? I am unsure if the receiving application knows it's base64 and will decode it by default.
Got it. Tagging @Rajat for additional help.