Storing custom claims in Auth0 JWT?

How do I store parts of user_metadata in a custom claim inside an Auth0 JWT?

I added a rule which contains:

function (user, context, callback) {
   user.user_metadata = user.user_metadata || {};

   user.my_claim = user.my_claim || {};
   user.my_claim.firstName = user.user_metadata.firstName;
   user.my_claim.lastName = user.user_metadata.lastName;

   callback(null, user, context);
}

I also made sure that I’m passing openid profile my_claim in the scope parameter during logins. But the final JWT does not contain my_claim JSON.

Been pulling my hair out over this for hours. Could someone help me figure out what I’m missing?


This is what I am doing:

function (user, context, callback) {

  // If an access token is present, add a property to it
  if (context.accessToken) {
    var someproperty = user.someproperty || (user.app_metadata && user.app_metadata.someproperty);
    var namespace = 'https://myappapi.mycompany.com/';
    if (someproperty){
      context.accessToken[namespace + 'someproperty'] = someproperty;
    }
  }

  callback(null, user, context);
}

This is somewhat interesting. I’ve never seen this done anywhere, and most of the stuff that I do see simply adds the property to the user object, which has to match one of the scopes passed in. At least this is what I’m reading from Auth0 devs, which does not work. Is there a reason why you’re prefixing the property name with a URL?

@account This is based on our new flows that aim to make our tokens more aligned with the OIDC specifications. The documentation for the namespaced claims is here: OpenID Connect Scopes
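
Putting the thread's two pieces together, as an added example that is not code from any poster or from Auth0: a Rule-style function that copies firstName and lastName from user_metadata into namespaced claims on both tokens, runnable under Node against a constructed login. The namespace is the one from the reply above; the helper names, the 64-character limit and the sample data are assumptions, and context.idToken is the ID-token counterpart of the context.accessToken used above.

```javascript
// Added example: namespaced custom claims built from user_metadata.
const NAMESPACE = 'https://myappapi.mycompany.com/'; // namespace from the reply above

// Only these user_metadata keys are copied. user_metadata can be edited by the
// user, so the values are display data and are validated before entering a token.
const ALLOWED_KEYS = ['firstName', 'lastName'];

// Hypothetical helper: accept short, non-empty strings only; drop anything else.
function cleanValue(value) {
  if (typeof value !== 'string') return undefined;
  const trimmed = value.trim();
  return trimmed.length > 0 && trimmed.length <= 64 ? trimmed : undefined;
}

// Same (user, context, callback) signature as the rules posted in the thread.
function addNamespacedClaims(user, context, callback) {
  const metadata = user.user_metadata || {};
  // Extend whichever token objects are present for this login.
  const targets = [context.idToken, context.accessToken].filter(Boolean);

  for (const key of ALLOWED_KEYS) {
    const value = cleanValue(metadata[key]);
    if (value === undefined) continue;
    for (const token of targets) {
      token[NAMESPACE + key] = value; // e.g. https://myappapi.mycompany.com/firstName
    }
  }
  callback(null, user, context);
}

// Constructed sample login: lastName is not a string and role is not allow-listed,
// so only firstName should end up in the tokens.
function runSample() {
  const user = { user_metadata: { firstName: ' Ada ', lastName: { $ne: 1 }, role: 'admin' } };
  const context = { idToken: {}, accessToken: {} };
  let result;
  addNamespacedClaims(user, context, (err, u, c) => { result = { err, context: c }; });
  return result;
}
```

Because user_metadata is user-editable, claims built from it are suitable for display only; values that drive authorization belong in app_metadata.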