Add custom claim to jwt

fourjustoneday · June 4, 2021, 11:03am

Hello,
I try to use oauth0 as test authentication server. I managed to get jwt token from it
jwt

Is it possible to add custom set of claims to it? I searched for several hours for it, no luck.

craig4 · June 4, 2021, 12:11pm

Hey,

If I understand correctly you can use the Rules feature to achieve this.

Here is an example of doing this, (this example is about roles but you can also add info from app_metadata etc.):

There is also the new Actions feature which should probably be used rather than Rules if you are starting from scratch.

Hope that helps.

fourjustoneday · June 5, 2021, 6:10am

I found Rules and Actions parts, looks promising. But when I try to create either of them, I get message " Error! You don’t have permissions to access the resource" I am the only person behind this oauth instance; how come that I dont have permissions?

colin.coutts · June 5, 2021, 7:04pm

Hi @fourjustoneday thanks for reaching out, I believe @craig4 is pointing you in the right direction.

Can you provide a screenshot of where you’re seeing this error Error! You don’t have permissions to access the resource? Is it when you try and create a Rule?

Best Regards,
Colin

fourjustoneday · June 6, 2021, 5:46am

I can not provide screenshot because it is working today. I tried to create rule and action and saw small popup with red cross and text " Error! You don’t have permissions to access the resource" when I pressed “save changes” in rule creation window and on the small action window where I write name and select it’s trigger. Glad it’s fixed

fourjustoneday · June 6, 2021, 3:12pm

Ok, going further inside this rabbit hole. I made hello world rule:

function (user, context, callback) {
var namespace = ‘Pulsar Trading Capital’;
context.accessToken[namespace] = “world”;
callback(null, user, context);
}

Then I try to request for token and see that nothing changes. I googled around and found this topic:

next I try to add scope to my request like this:
“scope” : “Pulsar Trading Capital”
and it gives me 403 with message
{

"error": "access_denied",

"error_description": "Client has not been granted scopes: https://pulsar.com/hello"

}
Then I found this Add API Permissions
But on my permissions page there is no fields and buttons to add new one; only a list of existing fields.
How do I proceed?

fourjustoneday · June 7, 2021, 4:48am

I tried adding action

exports.onExecuteCredentialsExchange = async (event, api) => {
api.accessToken.setCustomClaim(“Pulsar Trading Capital”, “world”);

};

with type M2M/ client_Credentials because it’s the type I use. Behaviour is the same.

colin.coutts · June 9, 2021, 9:42pm

Hi, @fourjustoneday

I just ran your rule like so:

function(user, context, callback){

  var namespace = "https://pulsar.com/hello";
  context.accessToken[namespace] = "world";
  
  callback(null, user, context);
}

I received an Access Token with this data:

Screen Shot 2021-06-09 at 2.37.51 PM

Is that the result you were going for? If you’d like you could send my your tenant in a DM so I can see if I notice anything that could be causing this.

Best,
Colin

fourjustoneday · June 10, 2021, 5:00am

It’s working now, I dont know what was the problem. We achieved the result we need, thanks for your service.

konrad.sopala · June 10, 2021, 8:04am

Perfect! Glad to hear that!