We have a requirement where we want some users to get additional permissions values based on their metadata and not just the roles, while OTHER users would get the same claims based on roles.
So on the resource server side we want to check a single claim value (permissions), while on the Auth0 side we want to BOTH include roles in the access token AND add more values to it.
Hi @azns,
Based on the information above, I understand that you need additional permissions if certain data exists in the metadata. Is that correct?
I’ve added a sample Action script below that you can use. The condition will need to be modified based on the structure of your metadata. If you can provide the exact metadata values, I can customize the script further for your requirements.
Example Code:
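exports.onExecutePostLogin = async (event, api) => {
  // app_metadata may be undefined for users who have none set
  const userDetails = event.user.app_metadata || {};
  // Placeholder condition: replace with a check based on your requirement
  // (example_flag is a hypothetical key, not taken from the thread)
  const meetsRequirement = Boolean(userDetails.example_flag);
  // Check if the required information exists in app_metadata
  if (meetsRequirement) {
    // Set a custom claim in the ID token
    api.idToken.setCustomClaim("Permission", "Value");
  }
};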
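An added example, not part of the original reply: one way to give the resource server a single claim to check is to merge role-derived and metadata-derived values in the Action and write the result to the access token. The claim name, the role map, the allowlist and the `extra_permissions` metadata key are all assumptions made for illustration.

```javascript
// Added example: every name below is an assumption, not a value from the thread.
const CLAIM = "https://example.com/permissions"; // hypothetical namespaced claim
const ROLE_PERMISSIONS = new Map([               // constructed role -> permissions map
  ["viewer", ["read:reports"]],
  ["editor", ["read:reports", "write:reports"]],
]);
// Only these values may be granted through metadata; anything else is dropped,
// so a typo or stray entry in a user's metadata cannot mint a new permission.
const GRANTABLE_EXTRAS = new Set(["export:reports", "delete:reports"]);

function mergePermissions(roles, appMetadata) {
  const merged = new Set();
  for (const role of roles || []) {
    for (const p of ROLE_PERMISSIONS.get(role) || []) merged.add(p);
  }
  // Read from app_metadata (not user-editable), never from user_metadata.
  const extras = appMetadata && appMetadata.extra_permissions; // hypothetical key
  if (Array.isArray(extras)) {
    for (const p of extras) {
      if (typeof p === "string" && GRANTABLE_EXTRAS.has(p)) merged.add(p);
    }
  }
  return [...merged].sort();
}

const onExecutePostLogin = async (event, api) => {
  const roles = (event.authorization && event.authorization.roles) || [];
  // Users without extra metadata get exactly the role-derived values.
  api.accessToken.setCustomClaim(
    CLAIM,
    mergePermissions(roles, event.user.app_metadata)
  );
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

The resource server then authorizes against that one claim and does not need to know whether a value came from a role or from metadata.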