User metadata
By default users who authenticate via OpenID Connect will have some additional metadata fields. These fields will include every OpenID Claim that is provided in the authentication response (regardless of whether it is mapped to an Elasticsearch user property). For example, in the metadata field oidc(claim_name)
, “claim_name” is the name of the claim as it was contained in the ID Token or in the User Info response. Note that these will include all the ID Token claims that pertain to the authentication event, rather than the user themselves.
This behaviour can be disabled by adding populate_user_metadata: false
as a setting in the oidc realm.