User Attributes

The user attributes section allows you to define custom attributes for your users using Common Expression Language (CEL). These attributes can be used at the current time to:

Enhance OpenID Connect 1.0 claims with dynamic values

Configuration

Example Configuration

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

definitions:
  user_attributes:
    # Boolean attribute example
    is_admin:
      expression: '"admin" in groups'

    # String attribute example
    department:
      expression: 'groups[0]'

    # Number attribute example
    access_level:
      expression: '"admin" in groups ? 10 : 5'

Options

This section describes the individual configuration options. Currently, these attribute definitions are used in the OpenID Connect 1.0 Provider.

The key name is the name of the resulting attribute. It is important to note that this attribute name must not conflict with extra attributes defined within the authentication backend, or with the common attributes we have defined.

In the above example the following attributes are added:

is_admin
department
access_level

expression

The Common Expression Language expression for this attribute.

Last updated on February 22, 2025

Edit this page on GitHub

OpenID Connect 1.0 Clients

Definitions

Configuration

Authelia

Title here

User Attributes

Configuration

Options

expression

User Attributes

Configuration#

Options#

expression#

Configuration

Options

expression