oidc-client-ts
Authenticated User object has empty profile attribute
My application is currently using two different IdPs, both using authorization code flow: Auth0 and a home-grown auth provider. oidc-client-ts operations (e.g. sign in, sign out, etc.) are all working fine with both IdPs. The only issue is that, in our home-grown auth provider, the authenticated User object (the result of signinCallback() and what is stored in the oidc.user session storage item) is not spec-compliant. Namely, instead of having a profile property with at least sub, iss, aud, exp, and iat properties, the profile property is simply an empty object ({}).
Interestingly, the access_token prop value for the User/session storage item includes those properties. Here is an example of a decoded JWT:
{
  "sub": "admin",
  "aud": "",
  "nbf": 1734542699,
  "scope": [
    "profile"
  ],
  "iss": "http://localhost:8095/auth",
  "exp": 1734549899,
  "iat": 1734542699,
  "userId": 11,
  "jti": "<some guid>"
}
It seems like the User is simply the response from the token endpoint call that is made during the signinCallback() execution. The data included in the token endpoint call for our home-grown auth provider is:
grant_type: authorization_code
redirect_uri: http://localhost:8095/ui/authorize
code: <some code>
code_verifier: <some verifier>
client_id: my-service
And the response is:
{
  "access_token": "some access token",
  "expires_in": 7200,
  "scope": "profile",
  "token_type": "Bearer"
}
Any idea why the profile property is an empty object for our one IdP?
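A diagnostic for the token response quoted above, added here as an example (not code from the post or from oidc-client-ts): it checks the response against what OpenID Connect Core requires of an authorization code flow response, namely an `id_token` issued under the `openid` scope and carrying `sub`, `iss`, `aud`, `exp` and `iat`, with `aud` containing the client ID. Assumptions: the function names are hypothetical, the sample token is constructed from the values in the post with a dummy signature, and the library is assumed to build `profile` from ID token claims rather than from the access token.

```javascript
// Added diagnostic example; not part of oidc-client-ts or the original post.
// Decodes a JWT payload for inspection only: the signature is NOT verified.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Claims OpenID Connect Core requires in every ID Token.
const REQUIRED_ID_TOKEN_CLAIMS = ["sub", "iss", "aud", "exp", "iat"];

// Returns the required claims that are absent or empty, plus an audience mismatch.
function missingIdTokenClaims(claims, clientId) {
  const problems = REQUIRED_ID_TOKEN_CLAIMS.filter(
    (c) => claims[c] === undefined || claims[c] === null || claims[c] === "");
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!problems.includes("aud") && !aud.includes(clientId)) problems.push("aud!=client_id");
  return problems;
}

// Lists the reasons a token response carries no usable identity claims.
function diagnoseTokenResponse(resp, clientId) {
  const findings = [];
  const scopes = String(resp.scope ?? "").split(" ").filter(Boolean);
  if (!scopes.includes("openid")) findings.push("scope lacks 'openid'");
  if (!resp.id_token) {
    findings.push("no id_token in token response");
  } else {
    for (const p of missingIdTokenClaims(decodeJwtPayload(resp.id_token), clientId)) {
      findings.push(`id_token claim problem: ${p}`);
    }
  }
  return findings;
}

// Constructed sample input modelled on the post (dummy signature, never verified).
function makeUnsignedJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.dummy-signature`;
}
const sampleClaims = { sub: "admin", aud: "", iss: "http://localhost:8095/auth",
  exp: 1734549899, iat: 1734542699, nbf: 1734542699, scope: ["profile"], userId: 11 };
const sampleResponse = { access_token: makeUnsignedJwt(sampleClaims),
  expires_in: 7200, scope: "profile", token_type: "Bearer" };

console.log(diagnoseTokenResponse(sampleResponse, "my-service"));
console.log(missingIdTokenClaims(decodeJwtPayload(sampleResponse.access_token), "my-service"));
```

The second call shows that the access token's claims would not pass as an ID token either, because `aud` is empty where the client ID `my-service` is expected.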