https://www.ory.sh/ logo
Join Slack
Powered by
Hey. I'm trying to map a claim for ssn (social sec...
# talk-kratos
p
Hey. I'm trying to map a claim for ssn (social security number) to a trait. But when I do so using jsonnet I get an error saying 
field does not exist: ssn
. How can I solve this issue? Here is my current jsonnet:
Copy code
local claims = std.extVar('claims');

{
  identity: {
    traits: {
       ssn:  claims.ssn
    },
  },
}
p
Does 
ssn
exist in the claims? You can print the claims to see what's in there. Use 
std.trace(str, rest)
. https://jsonnet.org/ref/stdlib.html.
Is this via social-sign in? I doubt the SSN would be in there if so.
p
Interesting. Tried the std.trace and the ssn are not present but is that because it doesn't exist on the Claims object? Because when I try the flow via postman the ssn + more claims exist on the ID token.
This is a generic provider and it is providing users ssn and more 🙂
The provider in question is criipto FYI.
p
You may need to request specific scopes in your request. https://docs.criipto.com/verify/getting-started/oidc-intro/#the-scope-parameter
Looks like there is a specific 
ssn
scope you need to request.
Add that to the 
scopes
stanza in your kratos.conf.
Not sure if that'll work. You'll need to read the criipto docs to confirm.
p
I've tried to add the scope but by default it sends all of them so I don't think that is the issue. I think the issue is that Kratos filter out all claims that don't match the JSONNET claim object. I could be wrong but that's my theory. I have created an issue in Kratos to track this: https://github.com/ory/kratos/issues/2697
Open in Slack
PreviousNext
Powered by