> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agent-auth`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # Normalized user profile When a user logs in with SSO, each identity provider shares the user profile information in their own format. This adds complexity for the application developers to parse the user profile info and code related identity workflows. To make this seamless for developers, Scalekit normalizes the user profile info into a standard set of fields across all identity providers. This means that you'd always receive the user profile payload in a fixed set of fields, irrespective of the identity provider and protocol you interact with. This is one of our foundational aspects of the unified SSO solution. ```json title="Sample normalized user profile" { "email": "john.doe@acmecorp.com", "email_verified": true, "family_name": "Doe", "given_name": "John", "locale": "en", "name": "John Doe", "picture": "https://lh3.googleusercontent.com/a/ACg8ocKNE4TZ...iEma17URCEf=s96-c", "sub": "conn_17576372041941092;google-oauth2|104630259163176101050", "identities": [ { "connection_id": "conn_17576372041941092", "organization_id": "org_17002852291444836", "connection_type": "OIDC", "provider_name": "AUTH0", "social": false, "provider_raw_attributes": { "aud": "ztTgHijLLguDXJQab0oiPyIcDLXXrJX6", "email": "john.doe@acmecorp.com", "email_verified": true, "exp": 1714580633, "family_name": "Doe", "given_name": "John", "iat": 1714544633, "iss": "https://dev-rmmfmus2g7vverbf.us.auth0.com/", "locale": "en", "name": "John Doe", "nickname": "john.doe", "nonce": "Lof9SpxEzs9dhUlJzgrrbQ==", "picture": "https://lh3.googleusercontent.com/a/ACg8ocKNE4T...17URCEf=s96-c", "sid": "5yqRJIfjPh8c7lr1s2N-IbY6WR8VyaIZ", "sub": "google-oauth2|104630259163176101050", "updated_at": "2024-04-30T10:02:30.988Z" } } ] } ``` ## Full list of user profile attributes | Profile attribute | Data type | Description | |------------------|-----------|-------------| | `sub` | string | An identifier for the user, as submitted by the identity provider that completed the single sign-on. | | `email` | string | The user's email address. | | `email_verified` | boolean | True if the user's e-mail address has been verified as claimed by the identity provider; otherwise false. | | `name` | string | Fully formatted user's name | | `family_name` | string | The user's surname or last name. | | `given_name` | string | The user's given name or first name. | | `locale` | string | The user's locale, represented by a BCP 47 language tag. Example: 'en' | | `picture` | string | The user's profile picture in URL format | | `identities` | Array of [Identity objects](/sso/guides/user-profile-details/#identity-object-attributes) | Array of all identity information received from the identity providers in the raw format | ### Identity object attributes | Identity attribute | Data type | Description | |-------------------|-----------|-------------| | `organization_id` | string | Unique ID of the organization to which this user belongs to | | `connection_id` | string | Unique ID of the connection for which this identity data is fetched from | | `connection_type` | string | type of the connection: SAML or OIDC | | `provider_name` | string | name of the connection provider. Example: Okta, Google, Auth0 | | `social` | boolean | Is the connection a social provider (like Google, Microsoft, GitHub etc) or an enterprise connection. | | `provider_raw_attributes` | object | key-value map of all the raw attributes received from the connection provider as-is | **Note:** - The `sub` field is a concatenation of the `connection_id` and a unique identifier assigned to the user by the identity provider. - The identities array may contain multiple objects if the user has authenticated through different methods. - The `provider_raw_attributes` object contains all original data from the identity provider, which may vary based on the provider and connection type. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |