Is this possible? The only way I’ve been able to get /userinfo to return custom info is to have a rule add claims to the context.idtoken[mynamespace].
Is there any way to avoid putting data in the id_token that I want to get with userinfo calls?
Hi @chargraves,
Welcome to the Auth0 Community!
Unfortunately, there is no way to add custom claims to the /userinfo endpoint.
First, you can only make a GET request to the /userinfo endpoint, meaning that you can only read the data.
Next, the recommended way of adding custom claims is by using a Rule, as you have done. This is also described in our docs here.
Unfortunately, there isn’t any way to call the /userinfo without the already appended custom claims. This is because, in the authorization flow, rules are triggered immediately after a successful login. Therefore, the tokens you request will always have the custom claims included.
In this scenario, there are a couple of options. You could either disable the rule completely, but I don’t believe this is what you want.
Or, you could filter the results from the /userinfo request for only the claims you want.
Please let me know if you have any further questions.
Thank you.
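The second option above (filtering the /userinfo response down to the claims you want), as an added example that is not part of the original thread or Auth0's own code. The function names, the sample response and the `domain` parameter are assumptions; the namespace is the one used in the Rule in this thread.

```javascript
// Added example; names below are assumptions, not Auth0 or thread code.
const NAMESPACE = 'https://myapp.example.com'; // namespace used in the Rule in this thread

// Constructed sample of a /userinfo response body (not real data).
const SAMPLE_USERINFO = {
  sub: 'auth0|constructed-user-1',
  email: 'user@example.com',
  'https://myapp.example.com/custom_claim': 'YOUR_CUSTOM_CLAIM',
  'https://myapp.example.com.other.example/role': 'admin', // look-alike namespace
  'https://unrelated.example.net/flag': true,
};

// Keep only allow-listed standard claims plus claims under our exact namespace.
function filterUserinfo(userinfo, { namespace, allow = [], expectedSub }) {
  // OIDC Core 5.3.2: the sub from /userinfo must match the ID token's sub.
  if (expectedSub !== undefined && userinfo.sub !== expectedSub) {
    throw new Error('userinfo sub does not match ID token sub');
  }
  // The trailing slash stops "https://myapp.example.com.other..." from matching.
  const prefix = namespace.replace(/\/+$/, '') + '/';
  const out = Object.create(null); // no inherited keys on the result
  for (const [key, value] of Object.entries(userinfo)) {
    if (key.startsWith(prefix) || allow.includes(key)) {
      out[key] = value;
    }
  }
  return out;
}

// Call /userinfo with an access token, then filter the response.
// `domain` is the tenant host name (assumed parameter); fetchImpl can be stubbed.
async function getFilteredUserinfo(domain, accessToken, options, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${domain}/userinfo`, {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  if (!res.ok) throw new Error(`userinfo request failed: ${res.status}`);
  return filterUserinfo(await res.json(), options);
}
```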
Hi @chargraves,
It’s been some time since I have heard from you.
I believe I may have misunderstood your question and wanted to address it again.
Unfortunately, it is not possible to specifically add custom claims to the /userinfo endpoint. If you must retrieve custom claims from the /userinfo endpoint, you must write a Rule that appends the custom claims to the id token.
Doing so will allow you to call the /userinfo endpoint to retrieve the custom claims:
function (user, context, callback) {
  // Custom claims must be namespaced
  const namespace = 'https://myapp.example.com';
  const custom_claim = "YOUR_CUSTOM_CLAIM";
  // Append the claim to the ID token only; the access token is left untouched
  let idTokenClaims = context.idToken || {};
  idTokenClaims[`${namespace}/custom_claim`] = custom_claim;
  context.idToken = idTokenClaims;
  return callback(null, user, context);
}
Please let me know if there are any further questions. I’d be happy to help.
Thank you
Does /userinfo return custom ID-token claims that are not added to the access token?
Use case - make the heavier claims available to stateless downstream APIs from /userinfo, while keeping the access token light. ID token stays in the frontend, it is not passed to downstream requests.