Hi there,
I’ve been trying to follow the Auth0 docs to get a custom claim added to an access token.
The following code inside an action doesn’t work:
```js
const namespace = 'http://bruce.nexbe/';
// https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims#add-custom-claims-to-a-token
// extract the bruce_role from app_metadata
const bruce_role = event.user.app_metadata['bruce_role'] ?? '';
api.idToken.setCustomClaim(`${namespace}/bruce_role`, bruce_role);
const region = event.user.user_metadata['region'] ?? 'unknown region';
api.idToken.setCustomClaim(`${namespace}/region`, region);
//console.log('adding region to access token');
api.accessToken.setCustomClaim(`${namespace}/region`, region);
```
However, I’ve just tried using a Rule with the following code:
```js
function addEmailToAccessToken(user, context, callback) {
  var namespace = 'http://bruce.nexbe/';
  const region = user.user_metadata.region || "unknown region";
  context.accessToken[namespace + 'region'] = region;
  return callback(null, user, context);
}
```
and the access token now contains the expected claim:
```json
{
  "http://bruce.nexbe/region": "Canterbury",
  "iss": "....au.auth0.com/",
  "sub": "auth0|603edec1b5929e006b5dc2ee",
  "aud": [
    "https://bruce.api.dev",
    "https://.../userinfo"
  ],
  "iat": 1655281919,
  "exp": 1655368319,
  "azp": "z0Qd2eu7yAn4O6b5DaQz5kOocNJBtuVr",
  "scope": "openid profile offline_access"
}
```
Anybody got any idea why? TIA
Hi there @kelly.cliffe1 welcome to the community!
Have you had any luck sorting this out? Are you using a Post Login Action or something else? Your code looks OK to me, but I’d need to test this myself.
Let us know either way!
Hi there,
I haven’t really looked for other solutions - it’s working as described above so we’ve moved onto other issues. To be honest I’m not sure how we’d diagnose the action any further. Yes, it’s a Post Login action.
Cheers
Thanks for responding, and good to know it’s working in the context of a rule!
I suppose I’d need to see the structure of the app_metadata, but that being said it seems like there could be a compatibility issue regarding legacy (authorization extension/rules) vs current (authorization core/actions). You can read more about Authorization Core vs. Authorization extension as well as the best practice to add roles to tokens using an Action:
https://auth0.com/docs/authorization/authorization-core-vs-authorization-extension
https://community.auth0.com/t/how-to-add-roles-and-permissions-to-the-id-token-using-actions/84506
Hope this helps if you decide to go that route 
Hi,
User_meta is pretty simple:
```json
{
  "region": "…value…"
}
```
I read both linked articles - the FAQ article is mainly relevant in that it shows setting of the access token value? Which I take it works theoretically - just not for us inside our action.
The Auth Core vs. Auth Extension - to be honest I’m not sure what the relevance is - is this an RBAC scenario?
I guess I’m still trying to understand why pretty much 1 line of code works in the rule, and not in the action - it feels like I’ve done something dumb, but I’m not sure what…
Thanks for replying by the way.
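
One way to compare the two snippets from the first post offline, as an added example that is not code from the thread or from Auth0: it runs the posted Action body and Rule body against stub objects and lists the access-token claim names each one sets (the Action builds the name as `${namespace}/region`, the Rule as `namespace + 'region'`). The stubs `makeActionApi`, the sample user, and the `claimName` helper are assumptions made for the example.

```javascript
// Stub for the Action `api` object (hypothetical test double, not the Auth0
// runtime): it records every claim passed to setCustomClaim, per token.
function makeActionApi(claims) {
  const setter = (token) => ({
    setCustomClaim: (name, value) => { claims[token][name] = value; },
  });
  return { idToken: setter('idToken'), accessToken: setter('accessToken') };
}

// The Action body from the first post, unchanged.
function runAction(event, api) {
  const namespace = 'http://bruce.nexbe/';
  const bruce_role = event.user.app_metadata['bruce_role'] ?? '';
  api.idToken.setCustomClaim(`${namespace}/bruce_role`, bruce_role);
  const region = event.user.user_metadata['region'] ?? 'unknown region';
  api.idToken.setCustomClaim(`${namespace}/region`, region);
  api.accessToken.setCustomClaim(`${namespace}/region`, region);
}

// The Rule body from the first post, unchanged (callback omitted).
function runRule(user, context) {
  var namespace = 'http://bruce.nexbe/';
  const region = user.user_metadata.region || 'unknown region';
  context.accessToken[namespace + 'region'] = region;
}

// Constructed sample user; the values are made up for this example.
const sampleUser = {
  app_metadata: { bruce_role: 'admin' },
  user_metadata: { region: 'Canterbury' },
};

// Run both snippets and return the access-token claim names each produced.
function accessTokenClaimNames() {
  const claims = { idToken: {}, accessToken: {} };
  runAction({ user: sampleUser }, makeActionApi(claims));
  const context = { accessToken: {} };
  runRule(sampleUser, context);
  return { action: Object.keys(claims.accessToken), rule: Object.keys(context.accessToken) };
}

// Hypothetical helper: join namespace and claim name with exactly one slash,
// so the name does not depend on whether the namespace ends in "/".
function claimName(namespace, name) {
  return `${namespace.replace(/\/+$/, '')}/${name.replace(/^\/+/, '')}`;
}

console.log(accessTokenClaimNames());
```

An API that looks up `http://bruce.nexbe/region` in the decoded token will only match the name the Rule sets, so comparing the exact claim keys is a quick first check when a custom claim appears to be missing.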