OpenID with - email in JWT , missing in userinfo

in the last couple days I’m trying to figure out how OpenID works in conjunction with Line : , so I installed openid

The OpenID Connect discovery document for Line is found here:

I setup the openid profile and email scopes.

According to the email address is in the token. And everything looks ok so far when I look in my logs.
I got the email address in the JWT file extracted from the token
OIDC Log: Verified JWT—
sub: Uf3156a0081c563144b3
aud: ‘1657458025’
exp: 1662826967
iat: 1662823367
nonce: f5930aa4c2bd1b3807d

But after requesting
The email address isn’t included. only name and the sub UserId.

A look at the line documents under userinfo seems like this is correct. The userinfo doesn’t include the email.

So what could I do to extract the email address in the JWT response. ? I tried to use claims and maybe there is a way to get it that I’m missing? Or is that going to nowhere? . Makes me dizzy :slight_smile:

Thank you!

I read on the OpenID Plugin Page: openid
If the discovery document includes a userinfo_endpoint parameter, then the plugin will use that to collect user metadata. If not, the plugin will extract metadata from the id_token (A JWT) supplied by the token endpoint.

So one solution would be to tell the plugin not using the userinfo endpoint? That would be great. But I could do that?

Ok, I got it. Maybe not the best solution but because the plugin is using the JWT data if the userinfo endpoint isn’t available, I forked the plugin on github and set in:


line 18 - option :use_userinfo, to false instead of true.

That’s it.

It would be nice to have an option in the settings of the plugin to choose between userinfo or JWT response.