🚀 Feature: Claim field override or custom per service mapping templating #403

Open
opened 2026-02-04 19:30:13 +03:00 by OVERLORD · 7 comments

Originally created by @Ulrar on GitHub (Aug 2, 2025).

Feature description

Some basic templating support in the Custom Claims section of the user, to override fields such as email with something like $serviceName. There may be a better way of doing this, that's just the first thing that came to mind.

Pitch

I realize this is a bit of a niche use case, but I use a different email address per service. Currently PocketID just sends whatever it has as the user's email to the apps in the claim, which means all of these apps are using the PocketID specific email address of my user, instead of their own.

But I'm sure there are other use cases for templated custom mapping fields.

OVERLORD added the needs more upvotes label 2026-02-04 19:30:13 +03:00

@ItalyPaleAle commented on GitHub (Aug 8, 2025):

Would #781 be a way for you to implement this?


@Ulrar commented on GitHub (Aug 8, 2025):

@ItalyPaleAle there's already a way to add custom fields from the UI, but as far as I know it only takes plain text. I suppose fetching these from HTTP may work, but then I'd have to make and maintain an API for that; it's not ideal.


@ItalyPaleAle commented on GitHub (Aug 8, 2025):

Indeed, having to maintain an API is the price you pay.

The benefits are that it's a lot more flexible (you can interact with external DBs, for example), and it doesn't require implementing a new DSL, which would result in a lot of things asked for the future.

An alternative I considered for #781 was suggesting the inclusion of a built-in engine, for example using wazero (https://github.com/tetratelabs/wazero), but that comes with other complexities.


@h3nnes commented on GitHub (Dec 30, 2025):

Stumbled across this issue when I tried setting up Mailcow with Pocket-ID (via generic-OIDC, https://docs.mailcow.email/manual-guides/mailcow-UI/u_e-mailcow_ui-generic-oidc/). The email address configured in my Pocket-ID profile does not match the mail account address in mailcow, so I was looking for a way to override the email claim to the mail address of my Mailcow mail account.

With a bit of help through non-biological intelligence, I've created a PoC with claim remapping capability. There are three ways to override claims for an individual app:

  1. By a user field claim value (like first name, last name, etc.)
  2. By a custom claim defined for the user
  3. By a custom static value

The feature is located in the advanced configuration section inside an OIDC-client. Docker image available here for testing: https://github.com/h3nnes/pocket-id/pkgs/container/pocket-id/656493795?tag=next

For my use case to override the email claim, it works like a charm.
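
The three per-client override sources listed in the comment above, sketched as an added example; this is not code from the PoC or from Pocket ID. The `Override` type, the reserved-claim list and the `email_verified` downgrade are assumptions made for illustration, and the sample values are constructed.

```go
package main

import "fmt"

// SourceKind mirrors the three override options listed in the comment above.
type SourceKind int
const (
	FromUserField   SourceKind = iota // a built-in profile field (first name, ...)
	FromCustomClaim                   // a custom claim defined for the user
	FromStatic                        // a fixed value
)

// Override is one per-client rule (hypothetical shape, not Pocket ID's schema).
type Override struct{ Claim string; Kind SourceKind; Value string }
// Assumption: claims binding the token to issuer, subject and audience stay fixed.
var reserved = map[string]bool{"iss": true, "sub": true, "aud": true, "exp": true, "iat": true}

// ApplyOverrides returns a copy of base with one client's rules applied.
func ApplyOverrides(base map[string]any, fields, custom map[string]string, rules []Override) (map[string]any, error) {
	out := make(map[string]any, len(base))
	for k, v := range base {
		out[k] = v
	}
	for _, r := range rules {
		if reserved[r.Claim] {
			return nil, fmt.Errorf("claim %q cannot be overridden", r.Claim)
		}
		v, ok := r.Value, true // FromStatic: the rule's literal is the value
		switch r.Kind {
		case FromUserField:
			v, ok = fields[r.Value]
		case FromCustomClaim:
			v, ok = custom[r.Value]
		}
		if !ok { // fail closed instead of emitting an empty claim
			return nil, fmt.Errorf("no source %q for claim %q", r.Value, r.Claim)
		}
		if cur, _ := out["email"].(string); r.Claim == "email" && v != cur {
			out["email_verified"] = false // the provider never verified this address
		}
		out[r.Claim] = v
	}
	return out, nil
}

func main() {
	base := map[string]any{"sub": "u-1", "email": "me@id.example", "email_verified": true} // constructed sample
	rules := []Override{{"email", FromCustomClaim, "mailcow_email"}}
	fmt.Println(ApplyOverrides(base, nil, map[string]string{"mailcow_email": "me@mail.example"}, rules))
}
```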

@Ulrar commented on GitHub (Dec 30, 2025):

That looks interesting, are you going to open a PR for it?


@h3nnes commented on GitHub (Dec 30, 2025):

@Ulrar I'm a bit hesitant about opening a PR. Since parts of the code are generated by Claude Code, I'm not sure if it meets the design, quality or security standards expected by the main developers (I'm not really a coder myself).

It should be more of a proof of concept, perhaps it will help to give an idea of what it could look like.


@h3nnes commented on GitHub (Jan 7, 2026):

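@stonith404 Please check out this comment (https://github.com/pocket-id/pocket-id/issues/807#issuecomment-3700264843) where I've compiled a PoC (https://github.com/h3nnes/pocket-id/pkgs/container/pocket-id/656493795?tag=next) for claim remapping per OIDC client. I figured this could be useful for certain apps.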

Is this something you would be interested in taking on and implementing into pocket-id?

The reason I didn't open a PR so far is because the PoC was half crafted using AI and I feel like it would be better to take a look at it here first before wasting your time reviewing a PR.

Thank you!

Reference: starred/pocket-id#403