Hey, I am trying to have the phone_number identity...
# ory-network
b
Hey, I am trying to have the phone_number identity trait to appear on the OIDC userinfo endpoint response. I include the profile scope, I have the phone_number filled in on the user I'm requesting info on, my OAuth2 client has the profile scope, I include it in the auth call scopes list, and still no luck. Email appears with the email scope successfully, and I tried adding the phone scope just in case, still no result. Is the token-hook my only option?
s
This is something that is handled by the consent UI. Do you use the account experience, or have you looked into a custom consent UI?
b
We have been skipping the consent UI, as we are having our customers consent by using the outer system already. Is it not achievable without the consent UI?
s
The consent UI can set additional claims, but it can also do so without user input, which is what the skip option does. You can read more on customizing claims here: https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom
b
Hi @steep-lamp-91158, thanks for the feedback, I work with Andrii. Just a couple of confirmation questions. We have phone_number as a trait in the identity schema (we also verify the number, similar to how emails are verified). The client we are setting up is a trusted client, so we are skipping the consent screen. What we are finding is that when the client calls userInfo, we're not getting the phone_number claim returned. We've tried with scopes set with profile and phone, but still no luck. We wanted to check if Ory handles this situation as standard, or do we need to create a webhook to grab the phone_number for the user and return it as a custom claim?
s
You can check out what we do here: https://github.com/ory/kratos-selfservice-ui-node/blob/4e313b60a2201b1c0bec8e86fa42677ef001ab3e/src/routes/consent.ts#L15 As you can see, the consent UI populates the session also when it is skipping the consent (L109), which is how the information is added to the token. In a hook you will not have the user's session cookie, but you can use the subject ID to fetch the identity from the admin API. Only some well-known scopes are supported right now, which does not include the phone number in any way.
b
@steep-lamp-91158 thanks for the feedback! So it would be a custom claim webhook. Any plans to include phone_number, as it's pretty useful because you also support using it for login/verification?
s
There are plans, but it is on the low-prio backlog.