To have Ory Network return the

phone_number

claim in the OIDC

/userinfo

API call, you need to ensure the following: 1. Identity Schema Includes Phone Number: Your identity schema must define a

phone

(or

phone_number

) trait. For example:

json    {      "traits": {        "phone": {          "title": "Phone",          "type": "string",          "format": "tel",          "<http://ory.sh/kratos|ory.sh/kratos>": {            "credentials": {              "password": {                "identifier": true              }            }          }        }      }    }

This allows users to have a phone number as part of their identity and optionally use it as a login identifier. The

"format": "tel"

enables validation of phone numbers in E.164 format, as recommended by OIDC specs [Customize identity schemas - Phone number](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#phone-number). 2. Scope Must Include

profile

: The OIDC

profile

scope is what typically enables the return of standard profile claims, including

phone_number

, if present in the user's traits [Customize OpenID Connect scope and claims](https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom). 3. User's Phone Number Must Be Set and (Optionally) Verified: The phone number must be present in the user's identity. If you want to return

phone_number_verified

, the phone number should be verified through Ory's verification flows. 4. Userinfo Endpoint Returns Claims from Identity: The

/userinfo

endpoint returns claims based on the user's identity and the scopes requested. If the phone number is present and the correct scope is requested, it will be included in the response. The Ory API reference lists

phone_number

and

phone_number_verified

as standard claims in the userinfo response [Ory API Reference - getOidcUserInfo](https://raw.githubusercontent.com/ory/docs/master/docs/reference/api.json). Summary of Steps: - Add

phone

to your identity schema. - Ensure users have a phone number set (and verified, if needed). - Request the

profile

scope in your OIDC flow. - Call the

/userinfo

endpoint with a valid access token. If all these are set up, Ory Network will include the

phone_number

(and

phone_number_verified

, if applicable) in the

/userinfo

response. > Note: If you have customized claims or need to map a different trait name, you may need to adjust your schema or use custom claim mapping as described in the Ory documentation. If you need to map a custom trait (e.g.,

traits.phone

) to the OIDC

phone_number

claim, you may need to use Ory's custom claims mapping features, but the knowledge sources do not provide explicit step-by-step instructions for this scenario.

Based on the provided knowledge sources, Ory Network does not mention a dedicated phone scope for returning the phone number in the OIDC userinfo endpoint. Instead, the documentation states that the default setup supports the email and profile scopes as defined by OpenID Connect. The profile scope is used to return standard profile claims, which, according to the OIDC specification and Ory's API reference, includes phone_number and phone_number_verified if those traits are present in the user's identity and the scope is requested [Customize OpenID Connect scope and claims](https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom) [Ory API Reference - getOidcUserInfo](https://raw.githubusercontent.com/ory/docs/master/docs/reference/api.json). There is no mention of a phone scope in the Ory documentation or API references. Therefore, you should use the profile scope to have Ory Network return the phone_number claim in the userinfo endpoint. If you need the phone_number claim, ensure: - The user's identity includes a phone trait. - The OIDC request includes the profile scope. I'm sorry, but there's no information in the knowledge sources about a phone scope being supported or required by Ory Network.

In the context of Ory, the identity schema itself does not natively define an organizations field as a standard trait. Instead, organizational membership is managed separately from the identity schema. Ory uses organizations to group users within a project, especially for B2B Single Sign-On (SSO) scenarios. An identity can belong to an organization by associating the identity with an organization ID, but this is not typically done by adding an organizations field to the identity schema traits. Instead, you set the organization_id property when creating or updating an identity to link it to a specific organization. This is useful for pre-provisioning identities or managing organization-specific SSO connections [Pre-provisioning identities in an organization](https://www.ory.sh/docs/kratos/organizations#pre-provisioning-identities-in-an-organization) [Import identities - Organization-specific SAML and OIDC connections](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#organization-specific-saml-and-oidc-connections). In summary: organizations is not a standard field in the identity schema traits. Instead, organizational membership is managed via the organization_id property at the identity level, outside of the schema's traits section. If you see organizations in a schema, it is likely a custom field and not used by Ory for its organization management features.

I'm sorry, but the knowledge sources provided do not contain any information about the use or meaning of the following schema snippet:

json "organizations": {   "matcher": "email_domain" }

There is no explicit documentation or example in the sources that explains what this field does or how it is used within Ory's identity schema or organization management features. If this is from a custom implementation or a feature not covered in the official documentation, I recommend reaching out to the Ory team or consulting the latest official documentation for clarification.