I want to set a top level claim to my Ory Hydra Access Token output. A

username

field. Currently setting

username

to

session.access_token

in OAuth2Consent respond. Also trying to enable

oauth2.allowed_top_level_claims

in my Ory Network OAuth2 Config. However claim gets set to

ext

object, instead of top level. It seems like Ory Network has this configuration field mapped to the

oauth2.session.allowed_top_level_claims

, where as the Open Source project is looking at the

oauth2.allowed_top_level_claims

. Can you check? Open Source: https://github.com/ory/hydra/blob/master/driver/config/provider.go#L91 Ory Network Config in ScreenShot:

Thank you for the report! It is possible that this field is not yet in our setProject API. If you create an issue for it we can tackle this relatively quickly

@high-optician-2097 sorry for not being clear enough. the problem is, even though I set

oauth2/session/allowed_top_level_claims

with the command you sent, or via

update

command. Both cases, I only get

ext.username

. Even though I can validate that

oauth2.session.allowed_top_level_claims

is set. I think the problem is, Ory Hydra is using

oauth2.allowed_top_level_claims

whereas the Ory Cloud

setProject

is configured to use

oauth2.session.allowed_top_level_claims

. So this configuration never works. The documentation also states that this variable should be under

oauth2.

, not

oauth2.session.

Where should I create an issue for this?

Oh I see, that could be a problem in this case! The best place would be github.com/ory/network

@high-optician-2097 Creating an issue! Thanks for the reference!

thank you for debugging 🙂

Created ory/network#232 for this 👍