Hello,
currently, the UserSessionNote mapper only allows mapping the note into the Access Token, Id Token and Access Token Response, but not into the UserInfo Token.
Is there a technical reason for this omission, or was it simply forgotten?
This is then automatically picked up by OIDCAttributeMapperHelper#addIncludeInTokensConfig.
I've been able to verify locally that this allows user session notes to be mapped into the UserInfo Token.
I still need to write a test for this, but I'm not quite sure where to put one.
I could create a mapper there and try to map in AUTH_TIME or KC_DEVICE_NOTE which should usually be present without having to manually add information to the user session.
Cheers
Simon