Add custom scopes in the access token ( Authorization code flow with OIDC provider)

joseantonio.rey · September 8, 2020, 3:36pm

Once the token has been generated, you should not be tampering with the scopes. You can add metadata, but tampering with the scopes takes away all the security benefits of this specific part of the flow.

On the other hand, you list accessTokem when the correct object is accessToken, and you are not namespacing your claims. Make sure that you follow the document step by step in order to achieve the intended results.

Topic		Replies	Views
How can I get my custom scopes in the access token? Help login-experience , free-trial	2	59	October 7, 2024
Adding Additional Scopes in a Rule Help rules , scopes	2	2167	September 9, 2022
Struggling to add custom scope to jwt Help jwt , auth0	2	5478	July 26, 2019
Group scope in OIDC? Help	9	20798	August 29, 2019
"id_token" missing in "/oath/token" response when Rule adds custom scope to "context.accessToken" Help id_token , rules , access-token , authorization-code-f	8	10339	August 17, 2019

Add custom scopes in the access token ( Authorization code flow with OIDC provider)

Related topics