Hi, We got an error two days ago back from our SSO login flow and the user got redirected to

/login/error?id=cd7b4d52-cb5d-45c2-97fc-7fcf6b711c66

is it possible to get a reason for why?

"message": "jsonnetsecure: ERROR: RUNTIME ERROR: Field does not exist: family_name\n\t<https://storage.googleapis.com/bac-gcs-production/[omitted].jsonnet:9:46-64>\tobject <anonymous>\n\tField \"displayName\"\t\n\tField \"traits\"\t\n\tField \"identity\"\t\n\tDuring manifestation\t\n",

This was the error. You seem to have a misconfiguration on your Error UI URL, the path shouldn't be

/login/error

, but

/ui/error

.

Hmm.. Is

family_name

not a standard attribute in Google for SSO? We’ve seen this error very rarely. Is it possible to do a fallback to prevent this from erroring?

Ah, the okay, I thought your users also don't see this error. All good then. I think it depends on the scope the grants? But not a 100% sure on that (and if users can "unselect" scopes you requested). You can check if the value exists in the claims, before accessing it.

I understand 👍 Scopes are

email

/

profile

and they can’t unselect. Anyways I changed it to

displayName: if 'given_name' in claims then claims.given_name + ' ' else '' + if 'family_name' in claims then claims.family_name else '',

Seems to work.