Add custom claim to jwt

I try to use oauth0 as test authentication server. I managed to get jwt token from it

Is it possible to add custom set of claims to it? I searched for several hours for it, no luck.


If I understand correctly you can use the Rules feature to achieve this.

Here is an example of doing this, (this example is about roles but you can also add info from app_metadata etc.):

There is also the new Actions feature which should probably be used rather than Rules if you are starting from scratch.

Hope that helps.

I found Rules and Actions parts, looks promising. But when I try to create either of them, I get message " Error! You don’t have permissions to access the resource" I am the only person behind this oauth instance; how come that I dont have permissions?

Hi @fourjustoneday thanks for reaching out, I believe @craig4 is pointing you in the right direction.

Can you provide a screenshot of where you’re seeing this error Error! You don’t have permissions to access the resource? Is it when you try and create a Rule?

Best Regards,

I can not provide screenshot because it is working today. I tried to create rule and action and saw small popup with red cross and text " Error! You don’t have permissions to access the resource" when I pressed “save changes” in rule creation window and on the small action window where I write name and select it’s trigger. Glad it’s fixed :smiley:

Ok, going further inside this rabbit hole. I made hello world rule:

function (user, context, callback) {
var namespace = ‘’;
context.accessToken[namespace] = “world”;
callback(null, user, context);

Then I try to request for token and see that nothing changes. I googled around and found this topic:

next I try to add scope to my request like this:
“scope” : “
and it gives me 403 with message

"error": "access_denied",

"error_description": "Client has not been granted scopes:"

Then I found this Add API Permissions
But on my permissions page there is no fields and buttons to add new one; only a list of existing fields.
How do I proceed?

I tried adding action

exports.onExecuteCredentialsExchange = async (event, api) => {
api.accessToken.setCustomClaim(“”, “world”);


with type M2M/ client_Credentials because it’s the type I use. Behaviour is the same.

Hi, @fourjustoneday

I just ran your rule like so:

function(user, context, callback){

  var namespace = "";
  context.accessToken[namespace] = "world";
  callback(null, user, context);

I received an Access Token with this data:

Screen Shot 2021-06-09 at 2.37.51 PM

Is that the result you were going for? If you’d like you could send my your tenant in a DM so I can see if I notice anything that could be causing this.


It’s working now, I dont know what was the problem. We achieved the result we need, thanks for your service.

1 Like

Perfect! Glad to hear that!