I want to use the User Details view to set a user’s role using app_metadata and then, in my Angular app, use Auth0 Lock to determine what to show the user, based on the stored role.
I do not need to modify the role from the app, as per app_metadata concept.
What I’ve tried
In my Auth service, in Angular, I initialise my client:
    auth0 = new auth0.WebAuth({
      clientID: 'xxx',
      domain: 'mydomain.auth0.com',
      responseType: 'token id_token',
      audience: 'https://myurl/userinfo',
      redirectUri: `${environment.appUrl}/login-callback`,
      scope: 'openid name picture app_metadata'
    });
    ...
    // And when I need to login
    this.auth0.authorize();
What I get in response is:
    {
      "sub": "facebook|1234567890"
    }
Note that it doesn’t include any of the claims, including requested name, picture or app_metadata. If I add profile claim to the scope, I get the name, picture etc. but not the app_metadata.
I would greatly appreciate it if somebody pointed me in the right way to getting the app_metadata to work the way described in the first paragraph.
In order to align more closely with the OIDC specs, the id_token now doesn’t contain any non-OIDC claims, e.g. app_metadata. You do have the option of explicitly setting custom claims in the id_token via a rule; this is outlined further in the following doc:
Thanks for your reply. I actually looked at that page, but as I see it, the instructions described there outline the process of creating custom claims along with setting values to them. However I don’t require setting any claims, rather only retrieving them.
The code block shows how to set them programmatically, however I would like to set them from the Auth0 dashboard. Is there a way to specify a namespace for claims from the dashboard or should I just use a prefix for them?
@toomas The claims set via the Rule are only added to the relevant token (id_token or access_token), and are not persisted in the user profile. E.g. you can simply retrieve some user_metadata attribute, and add it to the id_token, for you to access and use in your frontend:
The namespace or custom claims for the tokens cannot be set in the dashboard; they must be done in a Rule. The namespace can be any identifier you wish to use, commonly your application URL.
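Added example, not part of the thread and not Auth0's own code: a Rule that copies one app_metadata field into a namespaced id_token claim, and the frontend lookup that reads it back. The namespace `https://myurl/`, the `role` key, the `ALLOWED_ROLES` list and the `simulateLogin` helper are assumptions made for illustration.

```javascript
// Added example: NAMESPACE, the "role" key and ALLOWED_ROLES are assumptions.
const NAMESPACE = 'https://myurl/';
const ALLOWED_ROLES = ['admin', 'editor', 'viewer'];

// Auth0 Rule: runs on Auth0's side at every login. In the dashboard the
// function is pasted anonymously; it is named here so it can be called below.
function addRoleClaim(user, context, callback) {
  const meta = user.app_metadata || {};
  // Copy only the field the frontend needs, not the whole app_metadata object.
  const role = ALLOWED_ROLES.includes(meta.role) ? meta.role : 'viewer';
  context.idToken[NAMESPACE + 'role'] = role;
  callback(null, user, context);
}

// Frontend: auth0.js exposes the decoded id_token as authResult.idTokenPayload
// in the parseHash callback. Treat the value as a display hint only; the API
// must enforce the role itself from a token it validates.
function roleFromPayload(idTokenPayload) {
  const role = idTokenPayload && idTokenPayload[NAMESPACE + 'role'];
  return ALLOWED_ROLES.includes(role) ? role : 'viewer';
}

// Minimal stand-in for the rule pipeline, to run the rule offline.
function simulateLogin(user) {
  const context = { idToken: {}, accessToken: {} };
  let payload = null;
  addRoleClaim(user, context, (err, u, ctx) => {
    if (err) throw err;
    // Constructed payload: standard claims plus whatever the rule added.
    payload = Object.assign({ sub: u.user_id }, ctx.idToken);
  });
  return payload;
}

// Constructed sample users (not real accounts).
const adminUser = { user_id: 'facebook|1234567890', app_metadata: { role: 'admin' } };
const noMetaUser = { user_id: 'facebook|0000000000' };

console.log(simulateLogin(adminUser));
console.log(roleFromPayload(simulateLogin(noMetaUser)));
```

With the rule in place the claim arrives in the id_token of the initial authorization callback, so no second request is needed to read the role.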
Do I understand this correctly that it is not possible to retrieve user_metadata at once with the initial authorization callback (when I get the id_token)?