I am implementing support for Duo in my web app as an OIDC IdP. I have implemented the necessary code and set up a free account that links to Azure AD as a SAML provider.
I can authenticate against Duo, use the authorization code to get a token, and use the token to get the user info, but the only data that is returned is:
"family_name" => "Lacey",
"given_name" => "Peter",
"name" => "Peter Lacey",
"sub" => "06166f708a1c12351d8909fd587fb9e3722d10b9722cb6775caef6c9dd7ecfbe",
"user" => "placey"
I have verified that I include 'email' in the scope parameter, along with openid and profile. I have verified that I have mapped the 'Email' claim (capitalized) to the 'user.mail' value in Azure. And I have verified that the app integration has the email scope checked and maps <Email Address> IdP attribute to the 'email' claim.
Any idea what I'm missing here?
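One way to narrow down where the email claim is being lost, as an added diagnostic example (not the poster's code): compare the scopes requested with the `scope` the token endpoint actually granted (RFC 6749 3.3 requires it in the response when it differs) and with the claims that came back from userinfo. The token response below is constructed to illustrate a dropped scope; the userinfo values are the ones quoted in the post.

```python
# Subset of the standard claims each OIDC scope releases (OpenID Connect Core 1.0, 5.4),
# limited to the claims relevant to this question.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name"},
    "email": {"email"},
}

# Constructed token response: the IdP granted only 'openid profile'.
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "constructed-access-token",
    "token_type": "Bearer",
    "scope": "openid profile",
}

# Userinfo as returned in the post above.
SAMPLE_USERINFO = {
    "family_name": "Lacey",
    "given_name": "Peter",
    "name": "Peter Lacey",
    "sub": "06166f708a1c12351d8909fd587fb9e3722d10b9722cb6775caef6c9dd7ecfbe",
    "user": "placey",
}


def audit_userinfo(requested_scopes, token_response, userinfo):
    """Report scopes the IdP dropped and, per scope, expected claims absent from userinfo.

    If 'dropped_scopes' names the scope, the IdP never granted it (consent or
    application configuration); if the scope was granted but its claims are
    missing, the attribute mapping on the IdP side is the place to look.
    """
    requested = set(requested_scopes.split())
    # A token response without 'scope' means the granted scope equals the requested one.
    granted = set(token_response.get("scope", requested_scopes).split())
    dropped = sorted(requested - granted)
    missing = {}
    for scope in sorted(requested & set(SCOPE_CLAIMS)):
        absent = sorted(SCOPE_CLAIMS[scope] - set(userinfo))
        if absent:
            missing[scope] = absent
    return {"dropped_scopes": dropped, "missing_claims": missing}


if __name__ == "__main__":
    print(audit_userinfo("openid profile email", SAMPLE_TOKEN_RESPONSE, SAMPLE_USERINFO))
```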